Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-6342

Forcing MONGODB-CR auth mechanism in 3.0 silently enables SCRAM-SHA-1

XMLWordPrintableJSON

      RE: http://docs.mongodb.org/manual/core/authentication/#mongodb-cr-authentication

      Even if we restrict the only authenticationMechanisms to MONGODB-CR, SCRAM-SHA-1 is implicitly enabled on the wire protocol, and clients can log in using that (the server performs the conversion on-the-fly when needed). That is, it is not possible to restrict a MongoDB 3.0 server to accepting only MONGODB-CR. It will always accept SCRAM-SHA-1 if MONGODB-CR is specified in the authenticationMechanisms.

      I'm not sure how to express that. Let me know if it isn't clear.

            Assignee:
            kay.kim@mongodb.com Kay Kim (Inactive)
            Reporter:
            andrew.ryder@mongodb.com Andrew Ryder (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:
              1 year, 26 weeks, 6 days ago