  1. Core Server
  2. SERVER-43853

Failed scram auth log message conflates multiple reasons

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor - P4
    • 4.3.1
    • Affects Version/s: 4.0.12
    • Component/s: None
    • None
    • Minor Change
    • ALL
    • Security 2019-11-04

      In debugging an auth-related failure today, I came across the following message in the mongod log:

      2019-10-04T17:21:51.803-0400 I ACCESS [conn379] SASL SCRAM-SHA-256 authentication failed for dev on admin from client 127.0.0.1:55716 ; AuthenticationFailed: Unable to perform SCRAM authentication for a user with missing or invalid SCRAM credentials

      This message conflates two non-overlapping failure modes:

      1. The credentials were missing, and thus SCRAM authentication was not attempted.
      2. Credentials were supplied, authentication was attempted, and the credentials were found to be invalid.

      Each of these failure modes should have its own, separate log message.

      I used a 4.0 server for the test but master appears to have the same message string in it.

            Assignee:
            sara.golemon@mongodb.com Sara Golemon
            Reporter:
            oleg.pudeyev@mongodb.com Oleg Pudeyev (Inactive)
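For triage of the log line quoted in the report, the following added example (not part of the ticket and not MongoDB code) parses that 4.0-style line, counts failures per source, and flags the reason text that the log alone cannot resolve. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Layout of the 4.0 log line quoted in the report above.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\S+)\s+I\s+ACCESS\s+\[(?P<conn>conn\d+)\]\s+"
    r"SASL (?P<mech>\S+) authentication failed for (?P<user>.+?) on (?P<db>\S+) "
    r"from client (?P<ip>\S+):(?P<port>\d+) ; "
    r"(?P<code>\w+): (?P<reason>.*)$"
)
AMBIGUOUS = "missing or invalid SCRAM credentials"

def parse_auth_failure(line):
    """Return the fields of a SASL auth-failure line, or None for other lines."""
    m = AUTH_FAIL.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    # This reason text covers both cases listed in the report, so the log
    # line alone cannot say which one occurred; flag it for follow-up.
    event["ambiguous_reason"] = AMBIGUOUS in event["reason"]
    return event

def failures_by_source(lines):
    """Count failures per (user, db, mechanism, client IP)."""
    counts = Counter()
    for line in lines:
        ev = parse_auth_failure(line)
        if ev:
            counts[(ev["user"], ev["db"], ev["mech"], ev["ip"])] += 1
    return counts

# First line is the one from the report; the rest are constructed samples.
SAMPLE = [
    "2019-10-04T17:21:51.803-0400 I ACCESS [conn379] SASL SCRAM-SHA-256 authentication failed for dev on admin from client 127.0.0.1:55716 ; AuthenticationFailed: Unable to perform SCRAM authentication for a user with missing or invalid SCRAM credentials",
    "2019-10-04T17:21:53.120-0400 I ACCESS [conn380] SASL SCRAM-SHA-256 authentication failed for dev on admin from client 127.0.0.1:55720 ; AuthenticationFailed: Unable to perform SCRAM authentication for a user with missing or invalid SCRAM credentials",
    "2019-10-04T17:22:10.004-0400 I ACCESS [conn381] SASL SCRAM-SHA-256 authentication failed for app on admin from client 192.0.2.10:40112 ; AuthenticationFailed: Unable to perform SCRAM authentication for a user with missing or invalid SCRAM credentials",
    "2019-10-04T17:22:11.500-0400 I NETWORK [listener] connection accepted from 127.0.0.1:55722 #382 (1 connection now open)",
]

if __name__ == "__main__":
    for key, n in failures_by_source(SAMPLE).most_common():
        print(n, key)
```
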