-
Type:
Bug
-
Status: Closed
-
Priority:
Critical - P2
-
Resolution: Works as Designed
-
Affects Version/s: 3.0.0
-
Fix Version/s: None
-
Component/s: Security
-
Labels:None
-
Operating System:ALL
Hi all,
Starting a server (from scracth) in 3.0 and authenticationMechanisms=MONGODB-CR and auth enabled makes impossible to login with that mechanism.
I've traced it a little bit: when users are created (even with this auth mechanism) the credentials created are only for "SCRAM-SHA-1".
see Sample:
{
|
"_id" : "admin.admin",
|
"user" : "admin",
|
"db" : "admin",
|
"credentials" : {
|
"SCRAM-SHA-1" : {
|
"iterationCount" : 10000,
|
"salt" : "FPnmqmCI04KHJVZunfaI2Q==",
|
"storedKey" : "i+jvORcFsnx6CXt0Bd924e2f804=",
|
"serverKey" : "PQHG8nYYcJTjFEClqjFRZ8PTLTA="
|
}
|
},
|
"roles" : [
|
{
|
"role" : "userAdminAnyDatabase",
|
"db" : "admin"
|
},
|
{
|
"role" : "root",
|
"db" : "admin"
|
}
|
]
|
}
|
But if I go to a 2.6 server create the same credentials, then update the 3.0 server user document credentials with the MONGODB-CR it can successfully log in.
{
|
"_id" : "admin.admin",
|
"user" : "admin",
|
"db" : "admin",
|
"credentials" : {
|
"SCRAM-SHA-1" : {
|
"iterationCount" : 10000,
|
"salt" : "FPnmqmCI04KHJVZunfaI2Q==",
|
"storedKey" : "i+jvORcFsnx6CXt0Bd924e2f804=",
|
"serverKey" : "PQHG8nYYcJTjFEClqjFRZ8PTLTA="
|
},
|
"MONGODB-CR" : "8aab8902fd862afad8064b73bd149d00"
|
},
|
"roles" : [
|
{
|
"role" : "userAdminAnyDatabase",
|
"db" : "admin"
|
},
|
{
|
"role" : "root",
|
"db" : "admin"
|
}
|
]
|
}
|
There's still a lot of code/programs (as admin UIs robomongo, nosqlmanager and so on) that still is not ready to the new auth schema and makes impossible to login, even if I specify the MONGODB-CR auth.
I think that the credentials created for a new user need to include also the auth mechanism enabled, this will possible a softer transition, for us right now means a lot of user collection manual hack or don't upgrade.
Thanks!