https://github.com/mongodb/mongo/commit/cbdf562d57b8419aaea83c26effbba14652ea7b3 introduced security.authentication as an equivalent parameter to --auth and --noauth, but for use within a config file. This flag, however, controls authorization checking, not authentication behavior. Therefore, we should change the flag from security.authentication=[mandatory,optional] to security.authorization=[enabled,disabled]