  1. Core Server
  2. SERVER-62476

Improve error message for unsupported SCRAM mechanism when authenticating with local.__system user

    • Type: Task
    • Resolution: Cannot Reproduce
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
    • Server Security
    • Security 2023-04-03

      SERVER-46399 removed SCRAM-SHA-1 as an implicit auth mechanism for intra-cluster authentication. When an attempt is now made to authenticate using SCRAM-SHA-1 with the local.__system user, the following misleading error is reported:

       “AuthenticationFailed: It is not possible to authenticate as the __system user on servers started without a --keyFile parameter”

      We should improve the error message to be less confusing by failing the request earlier, e.g. in this block:

      https://github.com/mongodb/mongo/blob/d5f5bf69042dbef818e2d0adf84799a6a6d33aa9/src/mongo/db/auth/sasl_scram_server_conversation.cpp#L183

            Assignee:
            brad.moore@mongodb.com Brad Moore
            Reporter:
            adam.rayner@mongodb.com Adam Rayner
            Votes:
            0
            Watchers:
            3

              Created:
              Updated:
              Resolved: