-
Type: New Feature
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: Authentication
-
None
To support authentication upgrades from older versions of MongoDB to 2.8 the driver will use the following algorithm:
- If the application specifies a particular authMechanism (e.g. MONGODB-CR) the driver will continue to honor it.
- If the application provides a user and password but provides no explicit authMechanism, or calls the DB.authenticate method, the following applies:
- If connecting to a server whose version is >= 2.8, the driver will use SCRAM-SHA-1 (i.e. the driver's default mechanism is SCRAM-SHA-1)
- Otherwise the driver will use MONGODB-CR (i.e. the driver's default mechanism remains MONGODB-CR)
MongoDB 2.8 will always support SCRAM-SHA-1 if at least MONGODB-CR was specified in --authenticationMechanisms, so drivers do not have to "try and fall back". If SCRAM credentials don't yet exist for a user they will be created on-the-fly when the driver uses SCRAM-SHA-1 for mechanism.
- depends on
-
SERVER-7596 Support SCRAM-SHA-1 SASL Mechanism
- Closed
- is depended on by
-
DRIVERS-166 Implement the SCRAM-SHA-1 SASL Mechanism
- Closed