To support authentication upgrades from older versions of MongoDB to 2.8 the driver will use the following algorithm:

• If the application specifies a particular authMechanism (e.g. MONGODB-CR) the driver will continue to honor it.
• If the application provides a user and password but provides no explicit authMechanism, or calls the DB.authenticate method, the following applies:
  • If connecting to a server whose version is >= 2.8, the driver will use SCRAM-SHA-1 (i.e. the driver's default mechanism is SCRAM-SHA-1)
  • Otherwise the driver will use MONGODB-CR (i.e. the driver's default mechanism remains MONGODB-CR)

MongoDB 2.8 will always support SCRAM-SHA-1 if at least MONGODB-CR was specified in --authenticationMechanisms, so drivers do not have to "try and fall back". If SCRAM credentials don't yet exist for a user they will be created on-the-fly when the driver uses SCRAM-SHA-1 for mechanism.