[DOCS-15019] Investigate changes in SERVER-46399: Only use configured authenticationMechanisms when performing intra-cluster authenticating

Created: 08/Jan/22  Updated: 13/Nov/23  Resolved: 03/Mar/22

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 5.3.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task
Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team
Assignee: Jason Price
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-46399 Only use configured authenticationMec... Closed
Participants:
Days since reply: 1 year, 48 weeks, 6 days ago
Epic Link: DOCSP-19447
Story Points: 3

 Description   
Downstream Change Summary

Removes SCRAM-SHA-1 as an intra-cluster auth mechanism (the local.__system user); only SCRAM-SHA-256 is now supported.

Prior to this change it was possible to use both SCRAM-SHA-1 and SCRAM-SHA-256 to authenticate as local.__system, even if neither was explicitly enabled. This functionality now exists only for the SCRAM-SHA-256 mechanism.

Description of Linked Ticket

When we introduced SCRAM-SHA-256, we gave a special exception for the internalSecurity.user to authenticate using SCRAM-SHA-1 even if it wasn't configured.  This has been in use long enough that we should reexamine this decision and tighten up mechanism selection.



 Comments   
Comment by Githook User [ 03/Mar/22 ]

Author: jason-price-mongodb <69260375+jason-price-mongodb@users.noreply.github.com>

Message: DOCS-15019 cluster authentication (#744)

Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com>
Branch: master
https://github.com/10gen/docs-mongodb-internal/commit/9740f5aa4551d56dc355b3fc74665d989d9f84ef

Comment by Jess Mokrzecki [ 28/Feb/22 ]

Fix Version updated for upstream SERVER-46399:
5.3.0-rc0

Comment by PM Bot [ 08/Jan/22 ]

Downstream changes updated for upstream SERVER-46399:
Removes SCRAM-SHA-1 as an intra-cluster auth mechanism (the local.__system user); only SCRAM-SHA-256 is now supported.

Prior to this change it was possible to use both SCRAM-SHA-1 and SCRAM-SHA-256 to authenticate as local.__system, even if neither was explicitly enabled. This functionality now exists only for the SCRAM-SHA-256 mechanism.
