[DOCS-6342] Forcing MONGODB-CR auth mechanism in 3.0 silently enables SCRAM-SHA-1 Created: 08/Oct/15  Updated: 30/Oct/23  Resolved: 01/Nov/22

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: Server_Docs_20231030

Type: Improvement Priority: Trivial - P5
Reporter: Andrew Ryder (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Participants:
Days since reply: 1 year, 14 weeks, 1 day ago
Epic Link: DOCSP-1769

 Description   

RE: http://docs.mongodb.org/manual/core/authentication/#mongodb-cr-authentication

Even if we restrict the only authenticationMechanisms to MONGODB-CR, SCRAM-SHA-1 is implicitly enabled on the wire protocol, and clients can log in using that (the server performs the conversion on-the-fly when needed). That is, it is not possible to restrict a MongoDB 3.0 server to accepting only MONGODB-CR. It will always accept SCRAM-SHA-1 if MONGODB-CR is specified in the authenticationMechanisms.

I'm not sure how to express that. Let me know if it isn't clear.



 Comments   
Comment by Education Bot [ 01/Nov/22 ]

Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!

Generated at Thu Feb 08 07:52:06 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.