[DOCS-15627] Denote default SCRAM as SHA-256 in docs somewhere Created: 13/Sep/22 Updated: 30/Oct/23 Resolved: 26/Jul/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual, Server |
| Affects Version/s: | None |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Matthew Javaly | Assignee: | Nick Villahermosa |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | server-docs-bug-bash | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 28 weeks ago |
| Epic Link: | DOCSP-11702 |
| Description |
|
I was trying to figure out which authentication mechanism that new users would use by default, and it looks like SCRAM-SHA-256 is the default for 4.4 and 5.0. I couldn't determine this value from the logs in 4.2. I think it would be useful to include this in the logs, so that customers know if they are not specifying authMechanism in the URI string, their db users will use SHA-256: I'm not sure if it's important, but without specifying anything in the db.createUser command about the auth mechanism, the users all get created with SHA-1 and SHA-256 under the "mechanisms" field. |
| Comments |
| Comment by Nick Villahermosa [ 26/Jul/23 ] |
|
Backported to 6.3, 6.0, 5.0, 4.4 |
| Comment by Nick Villahermosa [ 25/Jul/23 ] |
|
https://github.com/mongodb/docs-mongodb-shell/pull/274 merged to docs-mongodb-shell |
| Comment by Matthew Javaly [ 13/Sep/22 ] |
|
Also, I think this page needs to be updated: The page says that the default value for this option is SCRAM-SHA-1, but when I connected to MongoDB 4.4 with a database user that had both SCRAM-SHA-1 and SCRAM-SHA-256 in "mechanisms", the mongosh shell used SCRAM-SHA-256. When I connected with a database user that had only SCRAM-SHA-1, the log file has an "Authentication failed" message from trying SCRAM-SHA-256 first, and then a "Successful authentication" from trying SCRAM-SHA-1 afterward. |