Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-15019

Investigate changes in SERVER-46399: Only use configured authenticationMechanisms when performing intra-cluster authenticating

      Downstream Change Summary

      Removes SCRAM-SHA-1 as an intra-cluster auth mechanism (the local.__system user), only SCRAM-SHA-256 is now supported.

      Prior to this change it was possible to use both SCRAM-SHA-1 and SCRAM-SHA-256 to authenticate as local.__system, even if neither were explicitly enabled. This functionality now exists only for the SCRAM-SHA-256 mechanism.

      Description of Linked Ticket

      When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured.  This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.

            jason.price@mongodb.com Jason Price
            backlog-server-pm Backlog - Core Eng Program Management Team
            0 Vote for this issue
            4 Start watching this issue

              1 year, 51 weeks, 1 day ago