-
Type: New Feature
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Authentication
-
None
The next version of MongoDB will include SCRAM-SHA-256 as an authentication type. This is defined in RFC 7677. The sample conversation from the RFC is:
This is a simple example of a SCRAM-SHA-256 authentication exchange... The username 'user' and password 'pencil' are being used C: n,,n=user,r=rOprNGfwEbeRWgbNEkqO S: r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0, s=W22ZaJ0SNY7soEsUEjb6gQ==,i=4096 C: c=biws,r=rOprNGfwEbeRWgbNEkqO%hvYDpWUa2RaTCAfuxFIlj)hNlF$k0, p=dHzbZapWIk4jUhN+Ute9ytag9zjfMHgsqmmiz7AndVQ= S: v=6rriTRBi23WpRR/wtup+mMhUZUn/dB5nLTJRsjl95G4=
In advance of updates to the Auth spec, which will include additional details of mechanism negotiation and user/password normalization (see DRIVERS-444), all drivers should take steps now to ensure their SCRAM libraries are capable of operating in SHA-256 mode, using the sample conversation for verification. (You'll need for force the client nonce to be "rOprNGfwEbeRWgbNEkqO" for the test conversation to work.)
- is depended on by
-
DRIVERS-439 SCRAM-SHA-256 Support
- Closed
- is duplicated by
-
GODRIVER-367 Update SCRAM-SHA-256 implementation and tests for spec change
- Closed
- is related to
-
GODRIVER-3062 Scram Authenticator will add password string to error message
- Closed