Remove SCRAM-SHA-1 specific intracluster auth checks from SCRAM-SHA-256


    • Type: Bug
    • Resolution: Fixed
    • Priority: Major - P3
    • 4.0.0-rc0
    • Affects Version/s: None
    • Component/s: Security
    • Fully Compatible
    • ALL
    • Platforms 2018-05-07

      SERVER-16534 defined a scheme which allows SCRAM-SHA-1 to work when a keyfile has been set, but no password-based authentication mechanism has been enabled. The logic for this is embedded into the SCRAM implementation, but assumes that it's exclusive to SCRAM-SHA-1.

      If SCRAM-SHA-256 is the only enabled authentication mechanism, and the user authenticating is not the intracluster user, this check may cause auth to fail with the following error:

      2018-04-23T17:59:19.579-0400 I ACCESS   [conn1] SASL SCRAM-SHA-256 authentication failed for sajack on test from client 127.0.0.1:35206 ; BadValue: SCRAM-SHA-1 authentication is disabled
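
A triage check for the failure signature above, as an added example (not code from this ticket or from MongoDB): it parses ACCESS log lines of the shape quoted here and flags failures whose error reason names a different SCRAM mechanism than the one the client used. The function name and every sample line except the first are constructed for illustration.

```python
import re

# Shape of the "I ACCESS" SASL failure line quoted in this ticket.
FAILURE_RE = re.compile(
    r"^(?P<ts>\S+)\s+I\s+ACCESS\s+\[(?P<conn>[^\]]+)\]\s+"
    r"SASL (?P<mech>\S+) authentication failed for (?P<user>\S+) on (?P<db>\S+) "
    r"from client (?P<client>\S+)\s*;\s*(?P<code>\w+): (?P<reason>.*)$"
)
# A SCRAM mechanism name appearing inside the error reason.
REASON_MECH_RE = re.compile(r"\bSCRAM-SHA-\d+\b")

SAMPLE_LOG = [
    # Line quoted in the ticket: SCRAM-SHA-256 attempt rejected by a SCRAM-SHA-1 check.
    "2018-04-23T17:59:19.579-0400 I ACCESS   [conn1] SASL SCRAM-SHA-256 authentication failed for sajack on test from client 127.0.0.1:35206 ; BadValue: SCRAM-SHA-1 authentication is disabled",
    # Constructed: the reason names the mechanism the client used, so it is consistent.
    "2018-04-23T18:01:02.114-0400 I ACCESS   [conn2] SASL SCRAM-SHA-1 authentication failed for appuser on test from client 127.0.0.1:35210 ; BadValue: SCRAM-SHA-1 authentication is disabled",
    # Constructed: an ordinary failure whose reason names no mechanism.
    "2018-04-23T18:02:40.907-0400 I ACCESS   [conn3] SASL SCRAM-SHA-256 authentication failed for appuser on test from client 127.0.0.1:35214 ; UserNotFound: Could not find user appuser@test",
    # Constructed: unrelated line that must be ignored.
    "2018-04-23T18:03:00.000-0400 I NETWORK  [conn3] end connection 127.0.0.1:35214 (0 connections now open)",
]

def find_mechanism_mismatches(lines):
    """Return SASL failures whose reason cites another SCRAM mechanism."""
    hits = []
    for line in lines:
        m = FAILURE_RE.match(line.strip())
        if not m:
            continue  # not a SASL authentication failure line
        named = REASON_MECH_RE.search(m["reason"])
        if named and named.group(0) != m["mech"]:
            hits.append({
                "timestamp": m["ts"],
                "user": m["user"],
                "db": m["db"],
                "client": m["client"],
                "mechanism": m["mech"],
                "reason_names": named.group(0),
            })
    return hits

if __name__ == "__main__":
    for hit in find_mechanism_mismatches(SAMPLE_LOG):
        print(hit)
```
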
      

            Assignee: Spencer Jackson
            Reporter: Spencer Jackson