[DOCS-6342] Forcing MONGODB-CR auth mechanism in 3.0 silently enables SCRAM-SHA-1 Created: 08/Oct/15 Updated: 30/Oct/23 Resolved: 01/Nov/22 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual, Server |
| Affects Version/s: | None |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Improvement | Priority: | Trivial - P5 |
| Reporter: | Andrew Ryder (Inactive) | Assignee: | Kay Kim (Inactive) |
| Resolution: | Won't Fix | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Days since reply: | 1 year, 14 weeks, 1 day ago | ||||
| Epic Link: | DOCSP-1769 | ||||
| Description |
|
RE: http://docs.mongodb.org/manual/core/authentication/#mongodb-cr-authentication Even if we restrict the only authenticationMechanisms to MONGODB-CR, SCRAM-SHA-1 is implicitly enabled on the wire protocol, and clients can log in using that (the server performs the conversion on-the-fly when needed). That is, it is not possible to restrict a MongoDB 3.0 server to accepting only MONGODB-CR. It will always accept SCRAM-SHA-1 if MONGODB-CR is specified in the authenticationMechanisms. I'm not sure how to express that. Let me know if it isn't clear. |
| Comments |
| Comment by Education Bot [ 01/Nov/22 ] |
|
Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you! |