[SERVER-15270] Starting mongod with SCRAM-SHA-1 does't actually create SCRAM-SHA-1 credentials Created: 16/Sep/14  Updated: 17/Sep/14  Resolved: 17/Sep/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.7.7
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Hannes Magnusson Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: pull-request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
duplicates SERVER-15177 Use native SCRAM-SHA-1 in Enterprise ... Closed
duplicates SERVER-15178 Implement native SHA-1 and HMAC algor... Closed
Related
is related to SERVER-7596 Support SCRAM-SHA-1 SASL Mechanism Closed
Operating System: ALL
Steps To Reproduce:

$ scons -j 30 mongo mongod mongos mongorestore mongodump && mkdir 2014-09-16-nossl && mv  mongo mongod mongos mongorestore mongodump 2014-09-16-nossl/

$ ./2014-09-16-nossl/mongod --smallfiles --setParameter authenticationMechanisms=SCRAM-SHA-1 --dbpath /srv/2.8

$ ./2014-09-16-nossl/mongo

> use admin

switched to db admin

> db.createUser({user: 'admin', pwd: 'pass', roles: [{role: 'root', db: 'admin'}]})

Successfully added user: {
	"user" : "admin",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}

>  db.auth({user:"admin", pwd:"pass", mechanism:"SCRAM-SHA-1"})

Error: 1 The server is not compiled with SSL support

restarting mongod without --auth and then fire up mongo shell again:

> db.system.users.findOne()

{
	"_id" : "admin.admin",
	"user" : "admin",
	"db" : "admin",
	"credentials" : {
		"MONGODB-CR" : "e4e538f5dcb52537cad02bbf8491693c"
	},
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}

>

Participants:

 Description   

When mongod is compiled without OpenSSL support it does not support SCRAM-SHA-1.

Yet, it will happily accept it as authenticationMechanisms=SCRAM-SHA-1 where as it should fail to startup.



 Comments   
Comment by Amalia Hawkins [ 17/Sep/14 ]

This is covered by the work ongoing in SERVER-15177 and SERVER-15178.

Generated at Thu Feb 08 03:37:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.