- Type: Task
- Resolution: Done
- Priority: Major - P3
- Affects Version/s: None
- Labels: None
Removes SCRAM-SHA-1 as an intra-cluster auth mechanism (the local.__system user); only SCRAM-SHA-256 is now supported.
Prior to this change it was possible to use both SCRAM-SHA-1 and SCRAM-SHA-256 to authenticate as local.__system, even if neither was explicitly enabled. This functionality now exists only for the SCRAM-SHA-256 mechanism.
Description of Linked Ticket
When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured. This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.
- documents: SERVER-46399 Only use configured authenticationMechanisms when performing intra-cluster authenticating (Closed)