[SERVER-7596] Support SCRAM-SHA-1 SASL Mechanism Created: 08/Nov/12  Updated: 11/Jul/16  Resolved: 22/Oct/14

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.7.8

Type: New Feature Priority: Major - P3
Reporter: Andy Schwerin Assignee: Andreas Nilsson
Resolution: Done Votes: 0
Labels: pull-request
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-14830 SCRAM-SHA-1 conversations fail to com... Closed
depends on SERVER-15177 Use native SCRAM-SHA-1 in Enterprise ... Closed
is depended on by JAVA-828 Support SASL SCRAM-SHA1 authentication Closed
is depended on by JAVA-1461 Support authentication mechanism nego... Closed
is depended on by CSHARP-990 Implement SCRAM-SHA-1 Authentication ... Closed
is depended on by DRIVERS-166 Implement the SCRAM-SHA-1 SASL Mechanism Closed
is depended on by SERVER-7648 Support Use of FIPS 140-2 Compliant C... Closed
Related
related to SERVER-15270 Starting mongod with SCRAM-SHA-1 does... Closed
related to SERVER-2360 Add a stronger password authenticatio... Closed
related to SERVER-15330 Bump maxWireProtocolVersion for 2.8 f... Closed
related to DOCS-4056 Updates for SCRAM-SHA-1 support Closed
is related to SERVER-16167 2.8.0-rc0 shell can't auth to a 2.4 s... Closed
Tested
Participants:

 Description   

This protocol is a cryptographically more sophisticated variant of Mongo's basic authentication. Mongo still stores a hash of the user's password and it uses a challenge-response protocol. It will have the advantage for some users of being a well-known and studied protocol.



 Comments   
Comment by Githook User [ 17/Dec/14 ]

Author:

{u'username': u'amidvidy', u'name': u'Adam Midvidy', u'email': u'amidvidy@gmail.com'}

Message: SERVER-7596 fix typo in server's SASL mechanism error message

Signed-off-by: Mark Benvenuto <mark.benvenuto@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/3077abf30145174c4cab2779de7a621c2dd42062

Comment by Githook User [ 06/Nov/14 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@emptysquare.net'}

Message: SERVER-7596 Typo in shell's SASL auth error message.

Closes #863

Signed-off-by: Benety Goh <benety@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/b144964acc83e3223900b09560edd8d8e025a625

Comment by Githook User [ 06/Nov/14 ]

Author:

{u'username': u'ajdavis', u'name': u'A. Jesse Jiryu Davis', u'email': u'jesse@emptysquare.net'}

Message: SERVER-7596 Typo in SCRAM-SHA-1 auth failure message.

Closes #859

Signed-off-by: Benety Goh <benety@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/f1655ad69b11abdde521d4bc2e7cfcd40e41eab3

Comment by Githook User [ 04/Nov/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Fix sharding/auth.js test to use SCRAM-SHA-1
Branch: master
https://github.com/mongodb/mongo/commit/2a741dfecb4fa1ee894ddbfc81b21f42687bc46f

Comment by Githook User [ 04/Nov/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Make authSchemaVersion 28Final if no user docs
Branch: master
https://github.com/mongodb/mongo/commit/666d7d2af4c480bb5691eebde2b04a01e9366ea8

Comment by Githook User [ 10/Oct/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Let authenticationMechanisms=MONGODB-CR imply SCRAM-SHA-1

The rational is to be backwards compatible with a configuration entry
such as: --setParameter authenticationMechanisms=MONGODB-CR in schema
version schemVersion28Final.
Branch: master
https://github.com/mongodb/mongo/commit/3cc39237e2e9d7f978ce33f82a61d13e4941c0fd

Comment by Githook User [ 25/Sep/14 ]

Author:

{u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}

Message: SERVER-7596 Clean up license headers to remove extraneous sentence.
Branch: master
https://github.com/mongodb/mongo/commit/f23e92530e7356fa1959aac0f15cac526e46109f

Comment by Githook User [ 22/Sep/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Make SCRAM mechanism code independent db/
Branch: master
https://github.com/mongodb/mongo/commit/5376c8ad356acc9e43e0b5e1c6cda995ea209ddf

Comment by Githook User [ 17/Sep/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Removed trailing whitespaces
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/e5469fe6f25c6563553de6ab03c678e0448c3396

Comment by Githook User [ 17/Sep/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Removed trailing whitespaces
Branch: master
https://github.com/mongodb/mongo/commit/6b20b7dca19f3597978031fb7dc301380b29bf09

Comment by Githook User [ 16/Sep/14 ]

Author:

{u'username': u'bjori', u'name': u'Hannes Magnusson', u'email': u'bjori@10gen.com'}

Message: SERVER-7596 Fix the replacement order of , and = in the SCRAM user name

If we replace , with =2C first and then replace = with =3D then , becomes =3D2C rather then staying =2C

Closes #772

Signed-off-by: Benety Goh <benety@mongodb.com>
Branch: master
https://github.com/mongodb/mongo/commit/26f7a7f1d5d5a0b88e2b71a1c68b8c8600db7029

Comment by Githook User [ 11/Sep/14 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Fixed compile error
Branch: master
https://github.com/mongodb/mongo/commit/ce1b3133897aa1f396a1630413d39a3ce8b026de

Comment by Githook User [ 10/Sep/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Native SCRAM-SHA-1 client/shell implementation
Branch: master
https://github.com/mongodb/mongo/commit/ac611b47d4f9edc7a576e52735a0edf0bde9f989

Comment by Githook User [ 04/Sep/14 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 SASL client code refactor for SCRAM
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/cb47729e3f5e62a28a592ba3e876b8abf40228f1

Comment by Githook User [ 04/Sep/14 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 SASL client code refactor for SCRAM
Branch: master
https://github.com/mongodb/mongo/commit/c14c1f113d56da4e32ac13a123028c916f0c8cff

Comment by Githook User [ 28/Aug/14 ]

Author:

{u'name': u'Andreas Nilsson', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Fixed sasl_authentication_session_test failure
Branch: master
https://github.com/mongodb/mongo/commit/807f8b61127670c57ed65ffa5bc9ccafed4f26d3

Comment by Githook User [ 28/Aug/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Fixed error number
Branch: master
https://github.com/mongodb/mongo/commit/6250f6da8b0713759a402caef66c110822361390

Comment by Githook User [ 28/Aug/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Native SCRAM-SHA-1 server side support
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/7af7c47c8740484688cceb9f096b58b2633824fa

Comment by Githook User [ 23/Jul/14 ]

Author:

{u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}

Message: SERVER-7596 Refactor of SaslAuthenticationSession
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/d17d77ad38beeba37e188e1005fcd7f908e3c377

Comment by Githook User [ 16/Jul/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: Revert "SERVER-7596 Refactor of SaslAuthenticationSession"

This reverts commit 218d85c5209271a8335e90c28475335a79d8f192.
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/c0a2f1bb0ce085a96de6aac93088bd341149105b

Comment by Githook User [ 16/Jul/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Refactor of SaslAuthenticationSession
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/218d85c5209271a8335e90c28475335a79d8f192

Comment by Githook User [ 16/Jun/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 SCRAM-SHA-1 updateUser command support
Branch: master
https://github.com/mongodb/mongo/commit/c801fb985c55b21bdc29f0db3a9720aa71990ffc

Comment by Githook User [ 11/Jun/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Fixed copyright years
Branch: master
https://github.com/mongodb/mongo/commit/96e18da735d531716a8d6e96bb1664b9d8ca6d17

Comment by Githook User [ 30/May/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Basic support for SCRAM-SHA1 using Cyrus SASL
Branch: master
https://github.com/mongodb/mongo/commit/01537e280a2f7bb50ea45ee1f9f34db3ec4c00e8

Comment by Githook User [ 30/May/14 ]

Author:

{u'name': u'Andreas', u'email': u'agralius@gmail.com'}

Message: SERVER-7596 Basic support for SCRAM-SHA1 using Cyrus SASL
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/c8b00cee9d46d773dd3fcb611d1bac411a4601ee

Generated at Thu Feb 08 03:15:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.