After discussion with donald.anderson the auth_token API configuration should not be allowed (or really is not needed) in reconfigure but only specified on wiredtiger_open. In addition to not being needed, reconfiguring on the fly would be complex if there are a lot of handles open to objects on a filesystem that is authorized already.