-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor - P4
-
Resolution: Fixed
-
Affects Version/s: None
-
Labels:
-
Backwards Compatibility:Fully Compatible
-
Backport Requested:v4.2, v4.0
-
Epic Link:
-
Sprint:Security 2019-06-03, Security 2019-06-17, Security 2019-07-01
-
Case:
The security.authenticationMechanisms parameter (as documented here) requires that "If you specify multiple values, use a comma-separated list and no spaces."
If you put a space like for example:
authenticationMechanisms: "SCRAM-SHA-256, GSSAPI"
|
SCRAM-SHA-256 will be enabled and GSSAPI not in a silent way. This can trick users and who needs to troubleshoot this.
It would be nice to have a warning message that warns you that you have a space in the authenticationMechanisms parameter string and all the auth mechanisms specified may have not been enabled because of that.