This recurring failure in sharding/auth.js might be due to replication. We addUser() and then immediately try to authenticate using this user; even with getLastError(), sometimes we still get an error saying the user is missing.
The theory is that addUser() went to the primary but the authentication was done on a secondary. Should it be a requirement that adding users should be done with getLastError and w=all? Or should we change the auth code to retry a user lookup on the primary if a secondary doesn't have a user?
This test used to pass reliably; a change was committed recently that sped things up (or at least changed the timing of things) and now the test fails frequently, especially on faster builders.