[DOCS-15019] Investigate changes in SERVER-46399: Only use configured authenticationMechanisms when performing intra-cluster authenticating - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Done
Affects Version/s: None
Fix Version/s: 5.3.0-rc0
Component/s: manual, Server
Labels:
None

Story Points:
3
Epic Link:
DOCS: 5.3 Upcoming
Sprint:
ServerDocs2022: Jan25 - Feb1, ServerDocs2022: Feb1 - Feb7, ServerDocs2022: Feb8 - Feb15, ServerDocs2022: Feb22 - Mar01

Description

Downstream Change Summary

Removes SCRAM-SHA-1 as an intra-cluster auth mechanism (the local.__system user), only SCRAM-SHA-256 is now supported.

Prior to this change it was possible to use both SCRAM-SHA-1 and SCRAM-SHA-256 to authenticate as local.__system, even if neither were explicitly enabled. This functionality now exists only for the SCRAM-SHA-256 mechanism.

Description of Linked Ticket

When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured. This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.

Attachments

Issue Links

documents

SERVER-46399 Only use configured authenticationMechanisms when performing intra-cluster authenticating

Closed

Activity

People

Assignee:: Jason Price

Reporter:: Backlog - Core Eng Program Management Team

Participants:: Backlog - Core Eng Program Management Team, Githook User, Jason Price, Jess Mokrzecki, PM Bot

Last commenter:: Jess Mokrzecki

External Reviewer:: Adam Rayner

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: Jan 08 2022 12:55:46 AM UTC

Updated:: Apr 15 2022 07:19:01 PM UTC

Resolved:: Mar 03 2022 06:00:59 PM UTC

Days since reply:: 1 year, 29 weeks, 2 days ago

Date of 1st Reply:: 08/Jan/22 12:55 AM