When both audit and authentication are enabled in a sharded cluster it is not possible to read from secondaries.
Attempts to read from a secondary fail with an error.
Users can read from primary nodes instead.
MongoDB production releases in the 2.6 series up to 2.6.3 (inclusive) are affected by this issue.
The fix is included in the 2.6.4 production release.
Do not invoke the runCommand hook when executing authentication commands. Executing this hook leads to commands that cannot be run by unauthenticated users, which prevents authentication of connections when auditing is enabled.