We need to explicitly declare requiresAuth=false if we want commands that run without authentication to work with implicit sessions. We should review the below list of commands to make sure they do so.

Quoting SERVER-35753, the following commands should explicitly set requiresAuth to return false, so they may be run by unauthenticated clients:

• saslStart
• saslContinue
• authenticate
• getnonce
• connectionStatus
• buildInfo
• ping
• listCommands (but we rather it weren't per SERVER-35482)
• resetError
• getLastError
• getPrevError
• shutdown (but still has an auth check)
• ismaster
• whatsmyuri (internal)
• _isSelf (internal)

And the test only commands that don't require auth:

• configureFailPoint
• echo
• refreshLogicalSessionCacheNow
• waitForOngoingChunkSplits

We should investigate if any of these commands don't set requiresAuth to be false.