[SERVER-29554] Allow any user/authentication to succeed when authentication is disabled Created: 11/Jun/17  Updated: 27/Oct/23  Resolved: 13/Jun/17

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 3.4.4
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Chris Kuethe Assignee: Mark Agarunov
Resolution: Works as Designed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

2017-06-11T16:41:02.251-0700 I ACCESS [conn22] SCRAM-SHA-1 authentication failed for dbuser on mydb from client 127.0.0.1:33088 ; UserNotFound: Could not find user dbuser@mydb

However I have authentication disabled while I'm trying to recover some databases and I don't want to mess around with credentials in my scripts before I get all my data back



 Comments   
Comment by Mark Agarunov [ 13/Jun/17 ]

Hello chris.kuethe@gmail.com,

Thank you for the report. The behavior you are seeing is intentional; when authentication isn't enabled, it becomes optional, not disabled. Therefore any authentication attempts are still verified and you must use valid credentials or none at all.

Please note that SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag. A question like this involving more discussion would be best posted on the mongodb-user group.

Thanks,
Mark

Generated at Thu Feb 08 04:21:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.