[SERVER-43853] Failed scram auth log message conflates multiple reasons Created: 04/Oct/19 Updated: 29/Oct/23 Resolved: 24/Oct/19 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | 4.0.12 |
| Fix Version/s: | 4.3.1 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Oleg Pudeyev (Inactive) | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Minor Change | ||||||||
| Operating System: | ALL | ||||||||
| Sprint: | Security 2019-11-04 | ||||||||
| Description |
|
In debugging an auth-related failure today, I came across the following message in mongod log:

2019-10-04T17:21:51.803-0400 I ACCESS [conn379] SASL SCRAM-SHA-256 authentication failed for dev on admin from client 127.0.0.1:55716 ; AuthenticationFailed: Unable to perform SCRAM authentication for a user with missing or invalid SCRAM credentials

This message conflates two non-overlapping failure modes:

1. The credentials were missing, and thus scram authentication was not attempted.

Each of these failure modes should have its own, separate log message.

I used a 4.0 server for the test but master appears to have the same message string in it. |
| Comments |
| Comment by Githook User [ 24/Oct/19 ] |
|
Author: {'name': 'Sara Golemon', 'username': 'sgolemon', 'email': 'sara.golemon@mongodb.com'} Message: |
| Comment by Sara Golemon [ 23/Oct/19 ] |
|
To clarify, #2 is actually that we have invalid credential data stored in our authentication database. This is an unlikely case which requires the DBA to be doing something misbehavey. I do agree that the error message is suboptimal from a user standpoint. I'll rethink how we surface these cases. |
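
A log-triage sketch for the message discussed in this ticket, added here as an example and not part of the ticket or of MongoDB's code: it parses the mongod 4.0 failed-authentication line quoted in the description and flags events whose reason is the conflated string, since the log alone cannot tell missing credentials from invalid stored credential data. The function names are hypothetical, and every sample line other than the first is constructed.

```python
import re
from collections import Counter

# Plain-text mongod 4.0 line for a failed SASL authentication, as quoted in the ticket.
FAILED_AUTH = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sev>[A-Z])\s+ACCESS\s+\[(?P<conn>conn\d+)\]\s+"
    r"SASL (?P<mech>\S+) authentication failed for (?P<user>.+?) on (?P<db>\S+) "
    r"from client (?P<client>\S+)\s*;\s*(?P<code>\w+): (?P<reason>.*)$"
)

# The conflated reason string this ticket is about.
AMBIGUOUS_REASON = ("Unable to perform SCRAM authentication for a user with "
                    "missing or invalid SCRAM credentials")

def parse_failed_auth(line):
    """Return the fields of a failed-auth line, or None for any other line."""
    m = FAILED_AUTH.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    # The log cannot say whether credentials are absent or malformed, so the
    # stored user document has to be inspected by an operator.
    event["needs_credential_check"] = event["reason"] == AMBIGUOUS_REASON
    return event

def summarize(lines):
    """Count ambiguous-credential failures per (user, db, mechanism)."""
    counts = Counter()
    for line in lines:
        event = parse_failed_auth(line)
        if event and event["needs_credential_check"]:
            counts[(event["user"], event["db"], event["mech"])] += 1
    return counts

_PREFIX = "2019-10-04T17:21:5"
SAMPLE_LOG = [
    # From the ticket description.
    _PREFIX + "1.803-0400 I ACCESS [conn379] SASL SCRAM-SHA-256 authentication failed "
    "for dev on admin from client 127.0.0.1:55716 ; AuthenticationFailed: " + AMBIGUOUS_REASON,
    # Constructed: same failure on a later connection.
    _PREFIX + "3.120-0400 I ACCESS [conn380] SASL SCRAM-SHA-256 authentication failed "
    "for dev on admin from client 127.0.0.1:55720 ; AuthenticationFailed: " + AMBIGUOUS_REASON,
    # Constructed: a failure with a different, unambiguous reason.
    _PREFIX + "4.007-0400 I ACCESS [conn381] SASL SCRAM-SHA-256 authentication failed "
    "for app on admin from client 127.0.0.1:55722 ; AuthenticationFailed: "
    "SCRAM authentication failed, storedKey mismatch",
    # Constructed: unrelated line that must be ignored.
    _PREFIX + "5.001-0400 I NETWORK [conn379] end connection 127.0.0.1:55716",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).items():
        print(key, n)
```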