Core Server / SERVER-16534

SCRAM-SHA-1 auth mechanism should be allowed for __system@local user even if SCRAM-SHA-1 is not configured as an authMechanism

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.8.0-rc4
    • Affects Version/s: 2.8.0-rc2
    • Component/s: Security
    • Labels: None
    • Fully Compatible
    • ALL

      Currently in 2.6, if MONGODB-CR is not configured as an allowed authMechanism (say the user wants to only allow PLAIN (LDAP)), an exception is made for the __system@local user so that keyfile authentication can take place.

      In 2.8, the same exception is made for MONGODB-CR, but no exception is made for SCRAM-SHA-1.

      An exception should be made for SCRAM-SHA-1 to prevent problems later on when MONGODB-CR is removed.

            Assignee: Andreas Nilsson (andreas.nilsson)
            Reporter: Timothy Olsen (Inactive) (tim.olsen@mongodb.com)
            Votes: 0
            Watchers: 5
