-
Type: Task
-
Resolution: Won't Fix
-
Priority: Trivial - P5
-
Affects Version/s: None
-
Labels:None
RE: http://docs.mongodb.org/manual/core/authentication/#mongodb-cr-authentication
Even if we restrict the only authenticationMechanisms to MONGODB-CR, SCRAM-SHA-1 is implicitly enabled on the wire protocol, and clients can log in using that (the server performs the conversion on-the-fly when needed). That is, it is not possible to restrict a MongoDB 3.0 server to accepting only MONGODB-CR. It will always accept SCRAM-SHA-1 if MONGODB-CR is specified in the authenticationMechanisms.
I'm not sure how to express that. Let me know if it isn't clear.