Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24402

Auth-Enabled mongo conf, not working with MONGODB-CR Authentication

    XMLWordPrintableJSON

Details

    • Icon: Question Question
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • None
    • None
    • Admin, Security
    • None

    Description

      We are using Mongo 3.0.3. As our client .Net driver doesn't support SCRAM-SHA-1 type authentication, had to downgrade the security to MONGODB-CR. The replicaset successfully connects to client and communication takes place.

      Below are the proofs:

      db.system.version.find()
      { "_id" : "authSchema", "currentVersion" : 3 }
       
      { "_id" : "admin.admin_mongo", "user" : "admin_mongo", "db" : "admin", "credentials" : { "MONGODB-CR" : "0c23321a8e8ffc2377a61eb54fccf4a5" }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "root", "db" : "admin" } ] }
      

      Recently we implemented Auth-Enabled feature in our Mongod.conf file, since then after restarting Replica set, seeing the below error.

      ACCESS [conn253] SCRAM-SHA-1 authentication failed for __system on local from client XXXXXXX ; AuthenticationFailed SCRAM-SHA-1 authentication failed, storedKey mismatch
      

      Used OpenSSL method to generate the keyfile. It's stored with 600 permission in a place where the user running mongod has access.

      I have been searching for the solution to this problem, however none is related to my case. what feels me nervous is - in Mongodb documentation it says "Keyfiles use SCRAM-SHA-1 challenge and response authentication mechanism. "

      so, if the Keyfiles uses SCRAM-SHA-1 challenge and response, how it's going to work in this case as i have already lowered the authentication mechanism to MONGODB-CR because of the client driver?

      And what would be the solution to this problem. Please help.

      Thank you,.

      Attachments

        Activity

          People

            kelsey.schubert@mongodb.com Kelsey Schubert
            tilakmishra tilak mishra
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: