Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-1461

Support authentication mechanism negotiation

    • Type: Icon: New Feature New Feature
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.13.0, 3.0.0
    • Affects Version/s: None
    • Component/s: Authentication
    • Labels:

      To support authentication upgrades from older versions of MongoDB to 2.8 the driver will use the following algorithm:

      • If the application specifies a particular authMechanism (e.g. MONGODB-CR) the driver will continue to honor it.
      • If the application provides a user and password but provides no explicit authMechanism, or calls the DB.authenticate method, the following applies:
        • If connecting to a server whose version is >= 2.8, the driver will use SCRAM-SHA-1 (i.e. the driver's default mechanism is SCRAM-SHA-1)
        • Otherwise the driver will use MONGODB-CR (i.e. the driver's default mechanism remains MONGODB-CR)

      MongoDB 2.8 will always support SCRAM-SHA-1 if at least MONGODB-CR was specified in --authenticationMechanisms, so drivers do not have to "try and fall back". If SCRAM credentials don't yet exist for a user they will be created on-the-fly when the driver uses SCRAM-SHA-1 for mechanism.

            jeff.yemin@mongodb.com Jeffrey Yemin
            jeff.yemin@mongodb.com Jeffrey Yemin
            0 Vote for this issue
            1 Start watching this issue