Description
If I start a server with authenticationMechanisms set to the empty string it fails:
/usr/local/m/versions/4.2/mongod --dbpath /tmp/42 --setParameter authenticationMechanisms='' --auth
However if I supply a bogus value for the mechanisms the server seems to start just fine:
/usr/local/m/versions/4.2/mongod --dbpath /tmp/42 --setParameter authenticationMechanisms='!' --auth
It even claims to have accepted ! for the mechanisms:
2020-04-08T22:04:45.981-0400 I CONTROL [initandlisten] options: { security: { authorization: "enabled" }, setParameter: { authenticationMechanisms: "!" }, storage: { dbPath: "/tmp/42" } }
This becomes a more significant issue when the mechanisms are valid but not for the version of the server that is being launched. For example, the following invocation tries to start 4.2 with the aws mechanism and succeeds (subsequently failing all aws authentication attempts):
/usr/local/m/versions/4.2/mongod --dbpath /tmp/42 --setParameter authenticationMechanisms=SCRAM-SHA-1,SCRAM-SHA-256,MONGODB-AWS --auth
As a user of the server, I would like the server to validate the authenticationMechanisms parameter when it starts, so that I am informed when I have requested mechanisms that the server does not support and can efficiently remedy the misconfiguration.
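
A wrapper-side pre-flight check of the kind requested above, as an added example that is not part of the original report and is not MongoDB code. The function names and the per-version allow-lists are assumptions for illustration (the only version fact taken from the report is that 4.2 does not support the aws mechanism); confirm the lists against the documentation of the build being launched.

```shell
#!/bin/sh
# Added example (not MongoDB code): pre-flight check for the value passed to
#   mongod --setParameter authenticationMechanisms=<list>
# The per-version allow-lists are assumptions for illustration; confirm them
# against the documentation of the exact build (GSSAPI/PLAIN need Enterprise).

# Hypothetical helper: print the mechanisms assumed valid for VERSION.
supported_mechanisms() {
  case "$1" in
    4.2) echo "SCRAM-SHA-1 SCRAM-SHA-256 MONGODB-X509 GSSAPI PLAIN" ;;
    4.4) echo "SCRAM-SHA-1 SCRAM-SHA-256 MONGODB-X509 GSSAPI PLAIN MONGODB-AWS" ;;
    *)   return 1 ;;
  esac
}

# check_auth_mechanisms VERSION LIST
# Prints the rejected entries and finishes with status:
#   0 = all supported, 1 = empty or unsupported entry, 2 = unknown VERSION.
# The body runs in a subshell so IFS and "set -f" do not leak to the caller.
check_auth_mechanisms() (
  version=$1 list=$2 bad=""
  supported=$(supported_mechanisms "$version") ||
    { echo "unknown-version:$version"; exit 2; }   # fail closed
  case "$list" in
    ""|,*|*,|*,,*) echo "<empty>"; exit 1 ;;       # empty list or empty entry
  esac
  IFS=,; set -f                                     # split on commas, no globbing
  for token in $list; do
    case "$token" in
      *[!A-Z0-9-]*) bad="${bad:+$bad }$token" ;;    # e.g. "!" or stray spaces
      *) case " $supported " in
           *" $token "*) ;;                         # known for this version
           *) bad="${bad:+$bad }$token" ;;          # valid name, wrong version
         esac ;;
    esac
  done
  if [ -n "$bad" ]; then echo "$bad"; exit 1; fi
  exit 0
)
```

A launch script can call `check_auth_mechanisms 4.2 "$mechs"` and refuse to exec mongod on a non-zero status, so the misconfiguration surfaces at start-up rather than as failed logins.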