authorAdam Rayner <adam.rayner@gmail.com>2021-11-29 17:52:30 +0000
committerEvergreen Agent <no-reply@evergreen.mongodb.com>2021-11-29 18:49:38 +0000
commit7fa11ee0e0d8d283cc12bdebdd4940731d1536f1 (patch)
tree2c613de8ae377bd2e6a9c8b1b8652bb90481289b /src/mongo
parentf64c8ccebbae5ce9071497fae7efeffe5b0c6169 (diff)
downloadmongo-7fa11ee0e0d8d283cc12bdebdd4940731d1536f1.tar.gz
SERVER-46399 remove fallback SCRAM-SHA-1 for internalSecurity.user
Diffstat (limited to 'src/mongo')
-rw-r--r--src/mongo/db/stats/counters.cpp5
-rw-r--r--src/mongo/shell/utils_auth.js2
2 files changed, 2 insertions, 5 deletions
diff --git a/src/mongo/db/stats/counters.cpp b/src/mongo/db/stats/counters.cpp
index d1a0640315a..79ab8fe1a1b 100644
--- a/src/mongo/db/stats/counters.cpp
+++ b/src/mongo/db/stats/counters.cpp
@@ -226,11 +226,8 @@ void AuthCounter::initializeMechanismMap(const std::vector<std::string>& mechani
// Ensure it's always included in counts.
addMechanism(auth::kMechanismMongoX509.toString());
- // SERVER-46399 Use only configured SASL mechanisms for intra-cluster auth.
- // It's possible for intracluster auth to use a default fallback mechanism of SCRAM-SHA-1/256
+ // It's possible for intracluster auth to use a default fallback mechanism of SCRAM-SHA-256
// even if it's not configured to do so.
- // Explicitly add these to the map for now so that they can be incremented if this happens.
- addMechanism(auth::kMechanismScramSha1.toString());
addMechanism(auth::kMechanismScramSha256.toString());
}
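Review bot: The comment kept above `addMechanism(auth::kMechanismScramSha256.toString());` no longer says why the call is there, because the sentence explaining that the entry exists so a fallback can be counted was removed along with the SCRAM-SHA-1 line. I would restore that rationale, for example `// Register it unconditionally so fallback attempts are still counted.`. With SCRAM-SHA-1 no longer in the map, it is also worth confirming how the counter-increment path handles a mechanism that was never registered, since a peer that still offers SCRAM-SHA-1 for intra-cluster auth would now reach that path. That code is outside this hunk, as is the start of `initializeMechanismMap`.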
diff --git a/src/mongo/shell/utils_auth.js b/src/mongo/shell/utils_auth.js
index 9ad340e950b..e1313bbad73 100644
--- a/src/mongo/shell/utils_auth.js
+++ b/src/mongo/shell/utils_auth.js
@@ -114,7 +114,7 @@ authutil.asCluster = function(conn, keyfile, action) {
authutil.assertAuthenticate(conn, 'admin', {
user: '__system',
- mechanism: 'SCRAM-SHA-1',
+ mechanism: 'SCRAM-SHA-256', // SERVER-46399: only SCRAM-SHA-256 supported as fallback
pwd: cat(keyfile).replace(/[\011-\015\040]/g, '')
});
} else if (authMode === 'x509' || authMode === 'sendX509') {
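Review bot: The `mechanism` passed to `authutil.assertAuthenticate` is now pinned to `'SCRAM-SHA-256'` with no retry, so `authutil.asCluster` will presumably fail outright against a node whose `__system` credentials only support SCRAM-SHA-1, such as an older binary in a mixed-version test. Failing closed is the right outcome for the internal user, but the trailing comment should say that this is deliberate, e.g. `// SERVER-46399: SCRAM-SHA-256 only; no SCRAM-SHA-1 downgrade for __system`. The enclosing function starts before and continues after this hunk, so any surrounding error handling is not visible here.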