[DRIVERS-439] SCRAM-SHA-256 Support Created: 17/Jan/18 Updated: 28/Oct/23 Resolved: 23/Aug/18 |
|
| Status: | Closed |
| Project: | Drivers |
| Component/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Rathi Gnanasekaran | Assignee: | Rathi Gnanasekaran |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Server Compat: | 4.0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Start date: | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Driver Compliance: |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description |
|
Update 2018-03-01: the updated auth spec is now available. Testing will require a master nightly server release (or waiting for 3.7.3). Original: The next version of MongoDB will include SCRAM-SHA-256 as an authentication type. This is defined in RFC 7677. The sample conversation from the RFC is:
In advance of updates to the Auth spec, which will include additional details of mechanism negotiation and user/password normalization (see Drivers should validate when they have an RFC-7677 compliant SCRAM-SHA-256 implementation. An additional drivers ticket will be opened for Auth Spec changes based on the server's actual implementation. As of MongoDB 3.7.3 it is possible to create SCRAM-SHA-256 users for testing and development:
The server has to be in 4.0 feature compatibility mode for SCRAM-SHA-256 credentials to be created. See ------------------ Update 2/22 - The default FCV is now 4.0 in MongoDB master, enabling SCRAM-SHA-256 support by default. |
| Comments |
| Comment by Githook User [ 17/Apr/18 ] |
|
Author: {'name': 'Ross Lawley', 'email': 'ross.lawley@gmail.com', 'username': 'rozza'}Message: Clarified defaults for auth mechanisms Normalized the test cases SPEC-1042 SPEC-818 |