Currently in 2.6, if MONGODB-CR is not configured as an allowed authMechanism (say the user wants to only allow PLAIN (LDAP)), an exception is made for the __system@local user so that keyfile authentication can take place.
In 2.8, the same exception is made for MONGODB-CR, but no exception is made for SCRAM-SHA-1.
An exception should be made for SCRAM-SHA-1 to prevent problems later on when MONGODB-CR is removed.
- is related to
-
SERVER-8461 mongod running with GSSAPI cannot be part of a replica set without MONGO-CR enabled
- Closed