Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-15270

Starting mongod with SCRAM-SHA-1 does't actually create SCRAM-SHA-1 credentials

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Duplicate
    • Affects Version/s: 2.7.7
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
    • Operating System:
      ALL
    • Steps To Reproduce:
      Hide

      $ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv  mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/

      $ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8

      $ ./2014-09-16-nossl/mongo

      > use admin

      switched to db admin

      > db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})

      Successfully added user: {
      	"user" : "admin",
      	"roles" : [
      		{
      			"role" : "root",
      			"db" : "admin"
      		}
      	]
      }

      >  db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"})

      Error: 1 The server is not compiled with SSL support

      restarting mongod without --auth and then fire up mongo shell again:

      > db.system.users.findOne()

      {
      	"_id" : "admin.admin",
      	"user" : "admin",
      	"db" : "admin",
      	"credentials" : {
      		"MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c"
      	},
      	"roles" : [
      		{
      			"role" : "root",
      			"db" : "admin"
      		}
      	]
      }

      >

      Show
      $ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/ $ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8 $ ./2014-09-16-nossl/mongo > use admin switched to db admin > db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]}) Successfully added user: { "user" : "admin", "roles" : [ { "role" : "root", "db" : "admin" } ] } > db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"}) Error: 1 The server is not compiled with SSL support restarting mongod without --auth and then fire up mongo shell again: > db.system.users.findOne() { "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c" }, "roles" : [ { "role" : "root", "db" : "admin" } ] } >

      Description

      When mongod is compiled without OpenSSL support it does not support SCRAM-SHA-1.

      Yet, it will happily accept it as authenticationMechanisms=SCRAM-SHA-1 where as it should fail to startup.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              bjori Hannes Magnusson
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: