Support authentication mechanism negotiation

XMLWordPrintableJSON

    • Type: New Feature
    • Resolution: Done
    • Priority: Major - P3
    • 2.13.0, 3.0.0
    • Affects Version/s: None
    • Component/s: Authentication
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      To support authentication upgrades from older versions of MongoDB to 2.8 the driver will use the following algorithm:

      • If the application specifies a particular authMechanism (e.g. MONGODB-CR) the driver will continue to honor it.
      • If the application provides a user and password but provides no explicit authMechanism, or calls the DB.authenticate method, the following applies:
        • If connecting to a server whose version is >= 2.8, the driver will use SCRAM-SHA-1 (i.e. the driver's default mechanism is SCRAM-SHA-1)
        • Otherwise the driver will use MONGODB-CR (i.e. the driver's default mechanism remains MONGODB-CR)

      MongoDB 2.8 will always support SCRAM-SHA-1 if at least MONGODB-CR was specified in --authenticationMechanisms, so drivers do not have to "try and fall back". If SCRAM credentials don't yet exist for a user they will be created on-the-fly when the driver uses SCRAM-SHA-1 for mechanism.

              Assignee:
              Jeffrey Yemin
              Reporter:
              Jeffrey Yemin
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: