Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15270

Starting mongod with SCRAM-SHA-1 does't actually create SCRAM-SHA-1 credentials

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.7.7
    • Component/s: Security
    • Labels:
    • ALL
    • Hide 
      $ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv  mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/
      $ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8
      $ ./2014-09-16-nossl/mongo
      > use admin

      switched to db admin

      > db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})
      Successfully added user: {
	"user" : "admin",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}
      >  db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"})

      Error: 1 The server is not compiled with SSL support

      restarting mongod without --auth and then fire up mongo shell again:

      > db.system.users.findOne()
      {
	"_id" : "admin.admin",
	"user" : "admin",
	"db" : "admin",
	"credentials" : {
		"MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c"
	},
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}

      >

      Show
      $ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/ $ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8 $ ./2014-09-16-nossl/mongo > use admin switched to db admin > db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]}) Successfully added user: { "user" : "admin" , "roles" : [ { "role" : "root" , "db" : "admin" } ] } > db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"}) Error: 1 The server is not compiled with SSL support restarting mongod without --auth and then fire up mongo shell again: > db.system.users.findOne() { "_id" : "admin.admin" , "user" : "admin" , "db" : "admin" , "credentials" : { "MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c" }, "roles" : [ { "role" : "root" , "db" : "admin" } ] } >

      When mongod is compiled without OpenSSL support it does not support SCRAM-SHA-1.

      Yet, it will happily accept it as authenticationMechanisms=SCRAM-SHA-1 where as it should fail to startup.

            Assignee:
            Unassigned Unassigned
            Reporter:
            bjori Hannes Magnusson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: