authorJonathan Reams <jbreams@mongodb.com>2018-11-05 18:22:59 -0500
committerJonathan Reams <jbreams@mongodb.com>2018-11-14 16:33:12 -0500
commita8bfcc13011c5e859a10e56ce882a0d53a0a2031 (patch)
tree576413908983b0c8d3fefa644c55b414eea7409a /src/mongo/db/auth/sasl_scram_server_conversation.cpp
parenta6a0ca1ae81b34aab14a9c9a2a3d4a6ec7be66ba (diff)
SERVER-32978 Advertise SCRAM-SHA-256 authentication for the internal user
Diffstat (limited to 'src/mongo/db/auth/sasl_scram_server_conversation.cpp')
-rw-r--r--src/mongo/db/auth/sasl_scram_server_conversation.cpp13
1 files changed, 7 insertions, 6 deletions
diff --git a/src/mongo/db/auth/sasl_scram_server_conversation.cpp b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
index 0e11a6238bf..5d91a26466b 100644
--- a/src/mongo/db/auth/sasl_scram_server_conversation.cpp
+++ b/src/mongo/db/auth/sasl_scram_server_conversation.cpp
@@ -180,16 +180,17 @@ StatusWith<std::tuple<bool, std::string>> SaslSCRAMServerMechanism<Policy>::_fir
}
const auto clientNonce = input[1].substr(2);
+ UserName user(ServerMechanismBase::ServerMechanismBase::_principalName,
+ ServerMechanismBase::getAuthenticationDatabase());
- // SERVER-16534, SCRAM-SHA-1 must be enabled for authenticating the internal user, so that
+ // SERVER-16534, some mechanisms must be enabled for authenticating the internal user, so that
// cluster members may communicate with each other. Hence ignore disabled auth mechanism
// for the internal user.
- UserName user(ServerMechanismBase::ServerMechanismBase::_principalName,
- ServerMechanismBase::getAuthenticationDatabase());
- if (Policy::getName() == "SCRAM-SHA-1"_sd &&
- !sequenceContains(saslGlobalParams.authenticationMechanisms, "SCRAM-SHA-1") &&
+ if (Policy::isInternalAuthMech() &&
+ !sequenceContains(saslGlobalParams.authenticationMechanisms, Policy::getName()) &&
user != internalSecurity.user->getName()) {
- return Status(ErrorCodes::BadValue, "SCRAM-SHA-1 authentication is disabled");
+ return Status(ErrorCodes::BadValue,
+ str::stream() << Policy::getName() << " authentication is disabled");
}
// The authentication database is also the source database for the user.
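Review bot: The guard `if (Policy::isInternalAuthMech() && !sequenceContains(...) && user != internalSecurity.user->getName())` now rejects ordinary users only when `isInternalAuthMech()` is true, so it relies on that predicate agreeing with whatever code keeps a disabled mechanism registered for cluster-internal use. That registration code is not visible in this hunk, so this is something to confirm rather than a known defect: a mechanism that stays registered while disabled but returns false here would pass this check for any user. I would state the invariant in the comment, for example `// Invariant: any mechanism registered while absent from authenticationMechanisms must return true from Policy::isInternalAuthMech().` The exemption is also decided from the client-supplied principal name before any proof is verified, which is fine only if the later steps validate the proof against the internal user's stored credentials. The enclosing function starts and ends outside the hunk.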