Principal names should be treated as in SCRAM-SHA-1. The server should:
1) Not perform normalization of usernames during SCRAM-SHA-256
authentication. Usernames provided by clients would be used as-is. This
is the behavior of SCRAM-SHA-1 today.
2) Continue to normalize passwords when used with SCRAM-SHA-256. This
is more important than the normalization of user names. The byte
representation of user names can be recovered from the database itself.
The byte representation of the password cannot, after it's been
processed into a credential.
3) Allow createUser to be performed on a SCRAM-SHA-256 user with an
unnormalized name.
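
An added illustration of points 1 and 2 (not MongoDB server code): a SASLprep (RFC 4013) routine built on Python's standard `stringprep` tables, feeding the SCRAM-SHA-256 SaltedPassword derivation, next to usernames taken as raw bytes. The helper names, salt, iteration count and sample strings are constructed for this example.

```python
import hashlib
import stringprep
import unicodedata

PROHIBITED = (  # RFC 4013 section 2.3, plus unassigned code points (table A.1)
    stringprep.in_table_a1, stringprep.in_table_c12, stringprep.in_table_c21,
    stringprep.in_table_c22, stringprep.in_table_c3, stringprep.in_table_c4,
    stringprep.in_table_c5, stringprep.in_table_c6, stringprep.in_table_c7,
    stringprep.in_table_c8, stringprep.in_table_c9,
)

def saslprep(s: str) -> str:
    """SASLprep (RFC 4013) for a stored string such as a password."""
    # Mapping: non-ASCII spaces become U+0020, "mapped to nothing" chars are dropped.
    mapped = "".join(" " if stringprep.in_table_c12(c) else c
                     for c in s if not stringprep.in_table_b1(c))
    # stringprep is defined against Unicode 3.2, so normalize with that database.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    if any(check(c) for c in out for check in PROHIBITED):
        raise ValueError("prohibited or unassigned code point")
    # Bidirectional rule (RFC 3454 section 6).
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            raise ValueError("RandALCat and LCat characters mixed")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("RandALCat string must start and end with RandALCat")
    return out

def salted_password(password: str, salt: bytes, iterations: int, normalize: bool = True) -> bytes:
    """SCRAM Hi(): PBKDF2-HMAC-SHA-256 over the (optionally normalized) password."""
    pw = saslprep(password) if normalize else password
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, iterations)

def username_bytes(username: str) -> bytes:
    """Point 1: the username is used as-is, with no normalization."""
    return username.encode("utf-8")

# Constructed sample values.
SALT, ITERATIONS = bytes(range(16)), 4096
TYPED_A, TYPED_B = "I\u00adX", "\u2168"  # soft hyphen inside "IX"; ROMAN NUMERAL NINE

if __name__ == "__main__":
    same = salted_password(TYPED_A, SALT, ITERATIONS) == salted_password(TYPED_B, SALT, ITERATIONS)
    raw = salted_password(TYPED_A, SALT, ITERATIONS, False) == salted_password(TYPED_B, SALT, ITERATIONS, False)
    print("same credential with SASLprep:", same)
    print("same credential without SASLprep:", raw)
    print("same username bytes:", username_bytes(TYPED_A) == username_bytes(TYPED_B))
```

Both typed forms normalize to `IX` and yield one credential, while the same two strings used as usernames remain distinct byte sequences.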
- duplicates SERVER-33836 Make createUser perform SaslPrep normalization (Closed)