Core Server / SERVER-34626

Remove SCRAM-SHA-1 specific intracluster auth checks from SCRAM-SHA-256

Details

    • Bug
    • Resolution: Fixed
    • Major - P3
    • 4.0.0-rc0
    • None
    • Security
    • None
    • Fully Compatible
    • ALL
    • Platforms 2018-05-07

    Description

      SERVER-16534 defined a scheme which allows SCRAM-SHA-1 to work when a keyfile has been set, but no password based authentication mechanism has been enabled. The logic for this is embedded into the SCRAM implementation, but assumes that it's exclusive to SCRAM-SHA-1.

      If SCRAM-SHA-256 is the only enabled authentication mechanism, and the user authenticating is not the intracluster user, this check may cause auth to fail with the following error:

      2018-04-23T17:59:19.579-0400 I ACCESS   [conn1] SASL SCRAM-SHA-256 authentication failed for sajack on test from client 127.0.0.1:35206 ; BadValue: SCRAM-SHA-1 authentication is disabled
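
A log-triage check for the symptom described above, as an added example (not code from the issue or from the MongoDB project): it parses the plain-text `SASL ... authentication failed` line layout shown in the report and flags failures whose error text names a different mechanism than the one negotiated. The first sample line is the one from the report; the other two are constructed, and the function names are hypothetical.

```python
import re

# Plain-text mongod log layout, as in the line quoted in the report.
FAILED_AUTH = re.compile(
    r"^(?P<ts>\S+) I ACCESS\s+\[(?P<conn>conn\d+)\] "
    r"SASL (?P<mech>\S+) authentication failed for (?P<user>\S+) "
    r"on (?P<db>\S+) from client (?P<client>\S+) ; "
    r"(?P<code>\w+): (?P<reason>.*)$"
)
# Mechanism names that may appear inside the error text.
MECH_IN_REASON = re.compile(r"\b(SCRAM-SHA-\d+|MONGODB-X509|GSSAPI|PLAIN)\b")

SAMPLE = [
    # Line from the report.
    "2018-04-23T17:59:19.579-0400 I ACCESS   [conn1] SASL SCRAM-SHA-256 "
    "authentication failed for sajack on test from client 127.0.0.1:35206 ; "
    "BadValue: SCRAM-SHA-1 authentication is disabled",
    # Constructed: an ordinary failure where both mechanisms agree.
    "2018-04-23T18:02:41.003-0400 I ACCESS   [conn2] SASL SCRAM-SHA-1 "
    "authentication failed for alice on admin from client 127.0.0.1:35210 ; "
    "AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch",
    # Constructed: an unrelated log line that must be ignored.
    "2018-04-23T18:03:10.221-0400 I NETWORK  [conn2] end connection "
    "127.0.0.1:35210 (1 connection now open)",
]


def parse_failed_auth(line):
    """Return the fields of a failed-SASL-auth line as a dict, or None."""
    m = FAILED_AUTH.match(line.strip())
    return m.groupdict() if m else None


def mechanism_mismatches(lines):
    """Yield failures whose error text names another mechanism than the one used."""
    for line in lines:
        rec = parse_failed_auth(line)
        if rec is None:
            continue
        named = MECH_IN_REASON.search(rec["reason"])
        if named and named.group(1) != rec["mech"]:
            rec["reason_mech"] = named.group(1)
            yield rec


if __name__ == "__main__":
    for hit in mechanism_mismatches(SAMPLE):
        print(hit["ts"], hit["user"], hit["mech"], "->", hit["reason_mech"])
```

A hit separates this server-side check from a genuine credential failure, which reports the same mechanism on both sides of the line.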
      

          People

            spencer.jackson@mongodb.com Spencer Jackson