Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 5.3.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security 2021-11-01, Security 2021-11-15, Security 2021-11-29, Security 2021-12-13, Security 2021-12-27, Security 2022-01-10

When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured. This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.

is documented by

DOCS-15019 Investigate changes in SERVER-46399: Only use configured authenticationMechanisms when performing intra-cluster authenticating

Closed

related to

SERVER-62334 Regression following SERVER-46399

Closed

Assignee:: Adam Rayner

Reporter:: Sara Golemon

Participants:: Adam Rayner, Doug Tarr, Githook User, Sara Golemon, Spencer Jackson

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: Feb 25 2020 08:20:55 PM UTC

Updated:: Nov 14 2023 08:10:37 PM UTC

Resolved:: Jan 08 2022 12:55:44 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates