diff options
author | Adam Rayner <adam.rayner@gmail.com> | 2021-11-29 17:52:30 +0000 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2021-11-29 18:49:38 +0000 |
commit | 7fa11ee0e0d8d283cc12bdebdd4940731d1536f1 (patch) | |
tree | 2c613de8ae377bd2e6a9c8b1b8652bb90481289b /src/mongo | |
parent | f64c8ccebbae5ce9071497fae7efeffe5b0c6169 (diff) | |
download | mongo-7fa11ee0e0d8d283cc12bdebdd4940731d1536f1.tar.gz |
SERVER-46399 remove fallback SCRAM-SHA-1 for internalSecurity.user
Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/db/stats/counters.cpp | 5 | ||||
-rw-r--r-- | src/mongo/shell/utils_auth.js | 2 |
2 files changed, 2 insertions, 5 deletions
diff --git a/src/mongo/db/stats/counters.cpp b/src/mongo/db/stats/counters.cpp index d1a0640315a..79ab8fe1a1b 100644 --- a/src/mongo/db/stats/counters.cpp +++ b/src/mongo/db/stats/counters.cpp @@ -226,11 +226,8 @@ void AuthCounter::initializeMechanismMap(const std::vector<std::string>& mechani // Ensure it's always included in counts. addMechanism(auth::kMechanismMongoX509.toString()); - // SERVER-46399 Use only configured SASL mechanisms for intra-cluster auth. - // It's possible for intracluster auth to use a default fallback mechanism of SCRAM-SHA-1/256 + // It's possible for intracluster auth to use a default fallback mechanism of SCRAM-SHA-256 // even if it's not configured to do so. - // Explicitly add these to the map for now so that they can be incremented if this happens. - addMechanism(auth::kMechanismScramSha1.toString()); addMechanism(auth::kMechanismScramSha256.toString()); } diff --git a/src/mongo/shell/utils_auth.js b/src/mongo/shell/utils_auth.js index 9ad340e950b..e1313bbad73 100644 --- a/src/mongo/shell/utils_auth.js +++ b/src/mongo/shell/utils_auth.js @@ -114,7 +114,7 @@ authutil.asCluster = function(conn, keyfile, action) { authutil.assertAuthenticate(conn, 'admin', { user: '__system', - mechanism: 'SCRAM-SHA-1', + mechanism: 'SCRAM-SHA-256', // SERVER-46399: only SCRAM-SHA-256 supported as fallback pwd: cat(keyfile).replace(/[\011-\015\040]/g, '') }); } else if (authMode === 'x509' || authMode === 'sendX509') { |