This is more of a usability issue than a bug. If you set up a sharded cluster with auth and forget to start mongos with --keyFile everything runs fine until you add an admin user. After adding the user db.auth() will fail without a useful error and balancing rounds will fail.

MongoDB shell version: 1.9.2
connecting to: test
mongos> use admin
switched to db admin
mongos> db.runCommand(

{'addShard': 'localhost:27018'}

)

{ "shardAdded" : "shard0000", "ok" : 1 }

mongos> db.runCommand(

{'addShard': 'localhost:27019'}

)

{ "shardAdded" : "shard0001", "ok" : 1 }

mongos> db.system.users.find()
mongos> db.system.users.count()
0
mongos> db.addUser('theadmin', 'mypassword')
{
"singleShard" : "localhost:27020",
"n" : 0,
"connectionId" : 14,
"err" : null,
"ok" : 1
}
{
"user" : "theadmin",
"readOnly" : false,
"pwd" : "02cdbcb825fda3c0824be229afa605e8",
"_id" : ObjectId("4e456aa827b2e95a4ccfbe29")
}
mongos> db.auth('theadmin', 'mypassword')
0

Fri Aug 12 11:02:06 [Balancer] distributed lock 'balancer/behackett-dt:27017:1313172036:1804289383' unlocked.
Fri Aug 12 11:02:16 [Balancer] ~ScopedDBConnection: _conn != null
Fri Aug 12 11:02:16 [Balancer] ~ScopedDbConnection: _conn != null
Fri Aug 12 11:02:16 [Balancer] caught exception while doing balance: nextSafe():

{ $err: "unauthorized db:config lock type:-1 client:127.0.0.1", code: 10057 }

Fri Aug 12 11:02:33 [conn1] authenticate:

{ authenticate: 1.0, user: "theadmin", nonce: "90a00bd5b3a86963", key: "ded39b5832e03051d7a0558b55355072" }

mongos should check with the config servers to see if they were started with --keyFile on first startup and log a useful warning. This will potentially cut down on mongodb-user questions.