Uploaded image for project: 'PHP Driver: Extension'
  1. PHP Driver: Extension
  2. PHPC-1022

Sporadic SCRAM-SHA-1 authentication failures due to "storedKey mismatch"

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 1.3.0
    • 1.5.0
    • None
    • None
    • MongoDB 3.4.9 on Ubuntu 14.04

    Description

      In this thread on mongodb-user, a user reported sporadic authentication failures with SCRAM-SHA-1 in both FPM and CLI environments. The following code is used to connect:

      $sslContext = stream_context_create([
      		 
              "ssl" => [
      		 
                      "verify_peer" => false,
      		 
                      "verify_peer_name" => false,
      		 
                      "allow_self_signed" => true,
      		 
              ],
      		 
      ]);
      		 
       
      		 
      $this->client = new MongoDB\Client(
      		 
              'mongodb://db1:27017,db2:27017,db3:27017/',
      		 
              [
      		 
                      'username'               => $this->conOpts['username'],
      		 
                      'password'               => $this->conOpts['password'],
      		 
                      'ssl'                    => true,
      		 
                      'replicaSet'             => $this->conOpts['replicaSet'],
      		 
                      'authSource'             => $this->conOpts['db'],
      		 
              ],
      		 
              [
      		 
                      'context' => $sslContext,
      		 
                      'typeMap' => ['root' => 'array', 'document' => 'array', 'array' => 'array']
      		 
              ]
      		 
      );

      This error only started appearing in PHPC 1.3.0, which leads me to believe it may be related to some change in libmongoc between 1.5.5 (used by PHPC 1.2.x) and 1.8.0 (used by PHPC 1.3.0). It's possible this may be related to SCRAM-SHA-1 caching introduced in fc3ff3b for CDRIVER-2150.

      Attachments

        Issue Links

          depends on

          Bug - A problem which impairs or prevents the functions of the product. CDRIVER-2539 SCRAM secrets should be cached by hashed password, salt, and iterations

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. PHPC-1174 Upgrade bundled libbson and libmongoc to 1.10

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Improvement - An improvement or enhancement to an existing feature or task. CDRIVER-2150 Cache SCRAM-SHA-1 ClientKey

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. PHPC-960 Cache SCRAM-SHA-1 ClientKey

          • Major - P3 - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SERVER-26952 Cache SCRAM-SHA-1 ClientKey

          • Major - P3 - Major loss of function.
          • Closed
          links to

          Web Link Random "Authentication failed" since upgrade to pecl-mongodb 1.3.0

          Activity

            People

              jmikola@mongodb.com Jeremy Mikola
              jmikola@mongodb.com Jeremy Mikola
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: