Core Server / SERVER-16534

SCRAM-SHA-1 auth mechanism should be allowed for __system@local user even if SCRAM-SHA-1 is not configured as an authMechanism


Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • 2.8.0-rc2
    • 2.8.0-rc4
    • Security
    • None
    • Fully Compatible
    • ALL

    Description

      Currently in 2.6, if MONGODB-CR is not configured as an allowed authMechanism (say the user wants to only allow PLAIN (LDAP)), an exception is made for the __system@local user so that keyfile authentication can take place.

      In 2.8, the same exception is made for MONGODB-CR, but no exception is made for SCRAM-SHA-1.

      An exception should be made for SCRAM-SHA-1 to prevent problems later on when MONGODB-CR is removed.
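      The exemption described in the report, as an added example that is not part of the original ticket and is not MongoDB source code: a simplified Python model of the mechanism gate, showing why a build without MONGODB-CR breaks keyfile authentication on a PLAIN-only deployment unless SCRAM-SHA-1 is also exempted. All function and constant names are hypothetical, and the model assumes keyfile authentication uses either SCRAM-SHA-1 or MONGODB-CR.

```python
# Added illustration: a simplified model of the mechanism gate described in
# SERVER-16534. All names are hypothetical; this is not MongoDB source code.

INTERNAL_USER = ("__system", "local")   # principal used for keyfile auth

# Mechanisms exempted for the internal user under each behaviour in the ticket.
EXEMPT_2_8_RC2 = frozenset({"MONGODB-CR"})                # SCRAM-SHA-1 missing
EXEMPT_FIXED = frozenset({"MONGODB-CR", "SCRAM-SHA-1"})   # requested behaviour


def mechanism_allowed(user, db, mechanism, configured, exempt, supported):
    """Return True if this principal may start an auth exchange with `mechanism`.

    configured: mechanisms the operator allowed (the authMechanism list)
    exempt:     mechanisms always permitted, for __system@local only
    supported:  mechanisms this server build implements at all
    """
    if mechanism not in supported:
        return False
    if mechanism in configured:
        return True
    # The exemption is keyed on the exact internal principal, so it never
    # widens the operator's allow-list for ordinary users.
    return (user, db) == INTERNAL_USER and mechanism in exempt


def keyfile_auth_possible(configured, exempt, supported):
    """Can cluster members authenticate as __system@local with any mechanism?"""
    return any(
        mechanism_allowed("__system", "local", m, configured, exempt, supported)
        for m in ("SCRAM-SHA-1", "MONGODB-CR")   # assumption of this model
    )


# Constructed scenario from the ticket: the operator allows only PLAIN (LDAP).
PLAIN_ONLY = frozenset({"PLAIN"})
BUILD_WITH_CR = frozenset({"PLAIN", "MONGODB-CR", "SCRAM-SHA-1"})
BUILD_WITHOUT_CR = frozenset({"PLAIN", "SCRAM-SHA-1"})    # after MONGODB-CR removal

if __name__ == "__main__":
    for label, exempt in (("2.8.0-rc2", EXEMPT_2_8_RC2), ("fixed", EXEMPT_FIXED)):
        for build_name, build in (("with CR", BUILD_WITH_CR),
                                  ("without CR", BUILD_WITHOUT_CR)):
            ok = keyfile_auth_possible(PLAIN_ONLY, exempt, build)
            print(f"{label:10} build {build_name:10} keyfile auth possible: {ok}")
```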

            People

              andreas.nilsson Andreas Nilsson
              tim.olsen@mongodb.com Timothy Olsen