[SERVER-44857] Shorter SCRAM conversation Created: 26/Nov/19 Updated: 29/Oct/23 Resolved: 16/Jan/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.3.3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Sara Golemon |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Sprint: | Security 2019-12-16, Security 2019-12-30, Security 2019-01-13, Security 2019-01-27 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
We should investigate what work needs to be done to perform SCRAM authentication attempts in fewer roundtrips. |
| Comments |
| Comment by Jeffrey Yemin [ 24/Jan/20 ] | ||||||
|
Clients can opt in to the the shorter SCRAM conversation with the following saslStart command:
Note that older server versions will ignore the options, so no wire version check is required. The options can be sent to all server versions. Older server versions will just continue to use the longer SASL conversations, so clients needing to authenticate to pre-4.4 servers have to be able to handle both types of exchanges. | ||||||
| Comment by Githook User [ 16/Jan/20 ] | ||||||
|
Author: {'name': 'Sara Golemon', 'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon'}Message: |