Core Server / SERVER-62476

Improve error message for unsupported SCRAM mechanism when authenticating with local.__system user


Details

    • Task
    • Status: Investigating
    • Major - P3
    • Resolution: Unresolved
    • Security
    • Security 2023-04-03

    Description

      SERVER-46399 removed SCRAM-SHA-1 as an implicit auth mechanism for intra-cluster authentication - when an attempt is now made to authenticate using SCRAM-SHA-1 with the local.__system user, the following misleading error is reported:

       “AuthenticationFailed: It is not possible to authenticate as the __system user on servers started without a --keyFile parameter”

      We should improve the error message to be less confusing by failing the request earlier, e.g. in this block:

      https://github.com/mongodb/mongo/blob/d5f5bf69042dbef818e2d0adf84799a6a6d33aa9/src/mongo/db/auth/sasl_scram_server_conversation.cpp#L183

       


          People

            brad.moore@mongodb.com Brad Moore
            adam.rayner@mongodb.com Adam Rayner