Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-46399

Only use configured authenticationMechanisms when performing intra-cluster authenticating

    XMLWordPrintableJSON

Details

    • Task
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 5.3.0-rc0
    • None
    • None
    • Fully Compatible
    • Security 2021-11-01, Security 2021-11-15, Security 2021-11-29, Security 2021-12-13, Security 2021-12-27, Security 2022-01-10

    Description

      When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured.  This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.

      Attachments

        Issue Links

          is documented by

          Task - A task that needs to be done. DOCS-15019 Investigate changes in SERVER-46399: Only use configured authenticationMechanisms when performing intra-cluster authenticating

          • Major - P3 - Major loss of function.
          • Closed
          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-62334 Regression following SERVER-46399

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              adam.rayner@mongodb.com Adam Rayner
              sara.golemon@mongodb.com Sara Golemon
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: