Sporadic SCRAM-SHA-1 authentication failures due to "storedKey mismatch"

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 1.5.0
    • Affects Version/s: 1.3.0
    • Component/s: None
    • None
    • Environment:
      MongoDB 3.4.9 on Ubuntu 14.04
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      In this thread on mongodb-user, a user reported sporadic authentication failures with SCRAM-SHA-1 in both FPM and CLI environments. The following code is used to connect:

      $sslContext = stream_context_create([
              "ssl" => [
                      "verify_peer" => false,
                      "verify_peer_name" => false,
                      "allow_self_signed" => true,
              ],
      ]);
      
      $this->client = new MongoDB\Client(
              'mongodb://db1:27017,db2:27017,db3:27017/',
              [
                      'username'               => $this->conOpts['username'],
                      'password'               => $this->conOpts['password'],
                      'ssl'                    => true,
                      'replicaSet'             => $this->conOpts['replicaSet'],
                      'authSource'             => $this->conOpts['db'],
              ],
              [
                      'context' => $sslContext,
                      'typeMap' => ['root' => 'array', 'document' => 'array', 'array' => 'array']
              ]
      );
      

      This error only started appearing in PHPC 1.3.0, which leads me to believe it may be related to some change in libmongoc between 1.5.5 (used by PHPC 1.2.x) and 1.8.0 (used by PHPC 1.3.0). It's possible this may be related to SCRAM-SHA-1 caching introduced in fc3ff3b for CDRIVER-2150.

            Assignee:
            Jeremy Mikola
            Reporter:
            Jeremy Mikola
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: