[SERVER-16534] SCRAM-SHA-1 auth mechanism should be allowed for __system@local user even if SCRAM-SHA-1 is not configured as an authMechanism
Created: 12/Dec/14  Updated: 12/Jan/15  Resolved: 23/Dec/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.8.0-rc2
Fix Version/s: 2.8.0-rc4

Type: Bug
Priority: Major - P3
Reporter: Timothy Olsen (Inactive)
Assignee: Andreas Nilsson
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-8461 mongod running with GSSAPI cannot be ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

Currently in 2.6, if MONGODB-CR is not configured as an allowed authMechanism (say the user wants to only allow PLAIN (LDAP)), an exception is made for the __system@local user so that keyfile authentication can take place.

In 2.8, the same exception is made for MONGODB-CR, but no exception is made for SCRAM-SHA-1.

An exception should be made for SCRAM-SHA-1 to prevent problems later on when MONGODB-CR is removed.
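
The gap described above, as an added model that is not part of the ticket and is not MongoDB's code: the mechanism names and the `__system@local` user come from the description, while every type and function name below is hypothetical. It compares the reported gate with the requested one when only PLAIN is configured and the build no longer offers MONGODB-CR.

```cpp
#include <algorithm>
#include <functional>
#include <iostream>
#include <string>
#include <vector>

// Illustrative model only; none of these names come from the MongoDB source.
struct AuthRequest {
    std::string mechanism;  // "SCRAM-SHA-1", "MONGODB-CR", "PLAIN", ...
    std::string user, db;   // "__system", "local" for the keyfile user
};
using Mechs = std::vector<std::string>;
using Gate = std::function<bool(const Mechs&, const AuthRequest&)>;

static bool contains(const Mechs& m, const std::string& s) {
    return std::find(m.begin(), m.end(), s) != m.end();
}
static bool isInternalUser(const AuthRequest& r) {
    return r.user == "__system" && r.db == "local";
}

// Behaviour reported for 2.8.0-rc2: only MONGODB-CR bypasses the allow-list.
bool gateAsReported(const Mechs& configured, const AuthRequest& r) {
    if (contains(configured, r.mechanism)) return true;
    return isInternalUser(r) && r.mechanism == "MONGODB-CR";
}

// Requested behaviour: SCRAM-SHA-1 gets the same exception, still scoped
// to __system@local so the operator's allow-list holds for everyone else.
bool gateAsRequested(const Mechs& configured, const AuthRequest& r) {
    if (contains(configured, r.mechanism)) return true;
    return isInternalUser(r) &&
           (r.mechanism == "MONGODB-CR" || r.mechanism == "SCRAM-SHA-1");
}

// First password mechanism the build offers that the gate accepts for
// keyfile auth; empty string means cluster members cannot authenticate.
std::string keyfileMechanism(const Gate& gate, const Mechs& configured,
                             const Mechs& offeredByBuild) {
    for (const auto& m : offeredByBuild)
        if (gate(configured, {m, "__system", "local"})) return m;
    return "";
}

int main() {
    const Mechs plainOnly{"PLAIN"}, crRemoved{"SCRAM-SHA-1"};
    std::cout << "reported:  '" << keyfileMechanism(gateAsReported, plainOnly, crRemoved) << "'\n"
              << "requested: '" << keyfileMechanism(gateAsRequested, plainOnly, crRemoved) << "'\n";
}
```
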



 Comments   
Comment by Githook User [ 12/Jan/15 ]

Author: Andreas Nilsson (username: agralius, email: andreas.nilsson@10gen.com)

Message: SERVER-16534 Verify __system user auth with pw mechanism disabled
Branch: master
https://github.com/mongodb/mongo/commit/078169dbca5b23adc03ef5b16a1327a0cfd55b91

Comment by Githook User [ 17/Dec/14 ]

Author: Andreas Nilsson (username: agralius, email: andreas.nilsson@10gen.com)

Message: SERVER-16534 SCRAM-SHA-1 should always be enabled for internal user
Branch: master
https://github.com/mongodb/mongo/commit/1045c5a2c204632a453dc68e1abb870a31fdc25b
