[SERVER-34446] Remove SASLPrep normalization of principal names used in SCRAM-SHA-256 Created: 12/Apr/18  Updated: 29/Oct/23  Resolved: 13/Apr/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.7.4

Type: Task Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-11603 Docs for SERVER-34446: Remove SASLPre... Closed
Duplicate
duplicates SERVER-33836 Make createUser perform SaslPrep norm... Closed
Backwards Compatibility: Fully Compatible
Sprint: Platforms 2018-04-23
Participants:

 Description   

Principal names should be treated as in SCRAM-SHA-1. The server should:

1) Not perform normalization of usernames during SCRAM-SHA-256
authentication. Usernames provided by clients would be used as-is. This
is the behavior of SCRAM-SHA-1 today.
2) Continue to normalize passwords when used with SCRAM-SHA-256. This
is more important that the normalization of user names. The byte
representation of user names can be recovered from the database itself.
The byte representation of the password cannot, after it's been
processed into a credential.
3) Allow createUser to be performed on a SCRAM-SHA-256 user with an
unnormalized name.



 Comments   
Comment by Githook User [ 13/Apr/18 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-34446: Remove normalization of SCRAM-SHA-256 prinicpal names
Branch: master
https://github.com/mongodb/mongo/commit/ad3671a64bd8958370a4aeaf93fe00d2d1272e3a

Generated at Thu Feb 08 04:36:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.