Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Done
Priority: Major - P3
Fix Version/s: 5.3.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113, Server_Docs_20240319
Affects Version/s: None
Component/s: manual, Server
Labels:
None

Epic Link:
DOCSP-19447
Story Points:
3

Downstream Change Summary

Removes SCRAM-SHA-1 as an intra-cluster auth mechanism (the local.__system user), only SCRAM-SHA-256 is now supported.

Prior to this change it was possible to use both SCRAM-SHA-1 and SCRAM-SHA-256 to authenticate as local.__system, even if neither were explicitly enabled. This functionality now exists only for the SCRAM-SHA-256 mechanism.

Description of Linked Ticket

When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured. This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.

documents

SERVER-46399 Only use configured authenticationMechanisms when performing intra-cluster authenticating

Closed

Assignee:: Jason Price

Reporter:: Backlog - Core Eng Program Management Team

Participants:: Backlog - Core Eng Program Management Team, Githook User, Jason Price, Jess Mokrzecki, PM Bot

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: Jan 08 2022 12:55:46 AM UTC

Updated:: Mar 20 2024 04:31:59 PM UTC

Resolved:: Mar 03 2022 06:00:59 PM UTC

Days since reply:: 2 years, 21 weeks, 1 day ago

Details

Description

Description of Linked Ticket

Attachments

Issue Links

Activity

People

Dates