Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Fixed
Priority: Minor - P4
Fix Version/s: 4.3.1
Affects Version/s: 4.0.12
Component/s: None
Labels:
None

Backwards Compatibility:
Minor Change
Operating System:
ALL
Sprint:
Security 2019-11-04
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

In debugging an auth-related failure today, I came across the following message in mongod log:

2019-10-04T17:21:51.803-0400 I ACCESS [conn379] SASL SCRAM-SHA-256 authentication failed for dev on admin from client 127.0.0.1:55716 ; AuthenticationFailed: Unable to perform SCRAM authentication for a user with missing or invalid SCRAM credentials

This message conflates two non-overlapping failure modes:

1. The credentials were missing, and thus scram authentication was not attempted.
2. Credentials were supplied, authentication was attempted, credentials were found to be invalid.

Each of these failure modes should have its own, separate log message.

I used a 4.0 server for the test but master appears to have the same message string in it.

related to

RUBY-1948 Default authentication options are set on URI and not on client

Closed

Assignee:: Sara Golemon (Inactive)
Reporter:: Oleg Pudeyev (Inactive)
Participants:: Githook User, Oleg Pudeyev, Sara Golemon
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Oct 04 2019 10:21:25 PM UTC
Updated:: Oct 29 2023 10:16:23 PM UTC
Resolved:: Oct 24 2019 06:28:00 PM UTC
Confidence Status Last Update:: 23/Oct/19 9:09 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates