[SERVER-41152] A space in the authenticationMechanisms string should produce at least a warning message Created: 15/May/19  Updated: 29/Oct/23  Resolved: 20/Jun/19

Status: Closed
Project: Core Server
Component/s: Logging, Security
Affects Version/s: None
Fix Version/s: 4.2.0-rc4, 4.0.12, 4.3.1

Type: Improvement Priority: Minor - P4
Reporter: Emilio Scalise Assignee: Jason Piao (Inactive)
Resolution: Fixed Votes: 1
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Backwards Compatibility: Fully Compatible
Backport Requested:
v4.2, v4.0
Sprint: Security 2019-06-03, Security 2019-06-17, Security 2019-07-01
Participants:
Case:

 Description   

The security.authenticationMechanisms parameter (as documented here) requires that "If you specify multiple values, use a comma-separated list and no spaces."

If you put a space like for example:

authenticationMechanisms: "SCRAM-SHA-256, GSSAPI"

SCRAM-SHA-256 will be enabled and GSSAPI not in a silent way. This can trick users and who needs to troubleshoot this.

It would be nice to have a warning message that warns you that you have a space in the authenticationMechanisms parameter string and all the auth mechanisms specified may have not been enabled because of that.



 Comments   
Comment by Githook User [ 30/Jul/19 ]

Author:

{'name': 'Jason Piao', 'email': 'jason.piao@Jasons-MacBook-Pro.local'}

Message: SERVER-41152 strip white space from auth mechanisms

(cherry picked from commit c31362708f26397dd20818ab780a5180e257d5a7)
Branch: v4.0
https://github.com/mongodb/mongo/commit/f00c50b874953f879ad9b642b7d7b2892eb78429

Comment by Githook User [ 23/Jul/19 ]

Author:

{'name': 'Jason Piao', 'email': 'jason.piao@Jasons-MacBook-Pro.local'}

Message: SERVER-41152 strip white space from auth mechanisms

(cherry picked from commit c31362708f26397dd20818ab780a5180e257d5a7)
Branch: v4.2
https://github.com/mongodb/mongo/commit/715554ffc1b71d646bb9ced3ae666b45f913b1d1

Comment by Githook User [ 19/Jun/19 ]

Author:

{'name': 'Jason Piao', 'email': 'jason.piao@Jasons-MacBook-Pro.local'}

Message: SERVER-41152 strip white space from auth mechanisms
Branch: master
https://github.com/mongodb/mongo/commit/c31362708f26397dd20818ab780a5180e257d5a7

Generated at Thu Feb 08 04:56:57 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.