Core Server: SERVER-16534

SCRAM-SHA-1 auth mechanism should be allowed for __system@local user even if SCRAM-SHA-1 is not configured as an authMechanism


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.8.0-rc2
    • Fix Version/s: 2.8.0-rc4
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL

      Description

      Currently in 2.6, if MONGODB-CR is not configured as an allowed authMechanism (say the user wants to only allow PLAIN (LDAP)), an exception is made for the __system@local user so that keyfile authentication can take place.

      In 2.8, the same exception is made for MONGODB-CR, but no exception is made for SCRAM-SHA-1.

      An exception should be made for SCRAM-SHA-1 to prevent problems later on when MONGODB-CR is removed.


              People

              Assignee:
              andreas.nilsson Andreas Nilsson
              Reporter:
              tim.olsen Timothy Olsen