Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15270

Starting mongod with SCRAM-SHA-1 does't actually create SCRAM-SHA-1 credentials

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major - P3 Major - P3
    • None
    • 2.7.7
    • Security
    • ALL
    • Hide

      $ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv  mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/

      $ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8

      $ ./2014-09-16-nossl/mongo

      > use admin

      switched to db admin

      > db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})

      Successfully added user: {
      	"user" : "admin",
      	"roles" : [
      		{
      			"role" : "root",
      			"db" : "admin"
      		}
      	]
      }

      >  db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"})

      Error: 1 The server is not compiled with SSL support

      restarting mongod without --auth and then fire up mongo shell again:

      > db.system.users.findOne()

      {
      	"_id" : "admin.admin",
      	"user" : "admin",
      	"db" : "admin",
      	"credentials" : {
      		"MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c"
      	},
      	"roles" : [
      		{
      			"role" : "root",
      			"db" : "admin"
      		}
      	]
      }

      >

      Show
      $ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/ $ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8 $ ./2014-09-16-nossl/mongo > use admin switched to db admin > db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]}) Successfully added user: { "user" : "admin", "roles" : [ { "role" : "root", "db" : "admin" } ] } > db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"}) Error: 1 The server is not compiled with SSL support restarting mongod without --auth and then fire up mongo shell again: > db.system.users.findOne() { "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c" }, "roles" : [ { "role" : "root", "db" : "admin" } ] } >

    Description

      When mongod is compiled without OpenSSL support it does not support SCRAM-SHA-1.

      Yet, it will happily accept it as authenticationMechanisms=SCRAM-SHA-1 where as it should fail to startup.

      Attachments

        Activity

          People

            Unassigned Unassigned
            bjori Hannes Magnusson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: