Skip to content

Commit 946492a

Browse files
mongoKartmongoKart
committed
auth file
1 parent 06a1687 commit 946492a

File tree

1 file changed

+10
-27
lines changed

1 file changed

+10
-27
lines changed

source/security/auth.txt

Lines changed: 10 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -42,13 +42,8 @@ mechanisms.
4242
Default Authentication Mechanism
4343
--------------------------------
4444

45-
In MongoDB 3.0, MongoDB changed the default authentication mechanism
46-
from ``MONGODB-CR`` to ``SCRAM-SHA-1``. In MongoDB 4.0, support for
47-
the deprecated ``MONGODB-CR`` mechanism was removed and ``SCRAM-
48-
SHA-256`` support was added.
49-
5045
To create a credential that authenticates by using the default
51-
authentication mechanism, regardless of server version, create a
46+
authentication mechanism (``SCRAM-SHA-256``), create a
5247
credential by using the ``createCredential()`` static factory method:
5348

5449
.. code-block:: java
@@ -73,33 +68,24 @@ authentication mechanism:
7368

7469
MongoClient mongoClient = MongoClients.create("mongodb://user1:pwd1@host1/?authSource=db1");
7570

76-
For challenge and response mechanisms, using the default
77-
authentication mechanism is the recommended approach, as it makes
78-
upgrading from MongoDB 2.6 to MongoDB 3.0 more simple, even after
79-
upgrading the authentication schema. For MongoDB 4.0 users, using the
80-
default authentication mechanism is also recommended as the mechanisms are
81-
checked and the correct hashing algorithm is used.
71+
For challenge and response mechanisms, we recommend using the default
72+
authentication mechanism. This simplifies upgrades and ensures that the correct hashing
73+
algorithm is used.
8274

8375
SCRAM-Based Mechanisms
8476
----------------------
8577

86-
Salted Challenge-Response Authentication Mechanism (``SCRAM``) has been
87-
the default authentication mechanism for MongoDB since 3.0. ``SCRAM`` is
78+
Salted Challenge-Response Authentication Mechanism (``SCRAM``) is
8879
based on the `IETF RFC 5802
8980
<https://datatracker.ietf.org/doc/html/rfc5802>`__ standard that defines
9081
best practices for implementation of challenge-response mechanisms for authenticating
91-
users with passwords.
92-
93-
MongoDB 3.0 introduced support for ``SCRAM-SHA-1``, which uses the
94-
``SHA-1`` hashing function. MongoDB 4.0 introduced support for ``SCRAM-
95-
SHA-256`` which uses the ``SHA-256`` hashing function.
82+
users with passwords. MongoDB supports both ``SCRAM-SHA-1``, which uses the
83+
``SHA-1`` hashing function, and ``SCRAM-
84+
SHA-256``, which uses the ``SHA-256`` hashing function.
9685

9786
SCRAM-SHA-256
9887
~~~~~~~~~~~~~
9988

100-
Using this mechanism requires MongoDB 4.0 and
101-
``featureCompatibilityVersion`` to be set to 4.0.
102-
10389
To explicitly create a credential of type ``SCRAM-SHA-256``, use
10490
the ``createScramSha256Credential()`` method:
10591

@@ -149,7 +135,6 @@ To explicitly create a credential of type ``SCRAM-SHA-1``, use the
149135
Or, you can use a connection string that explicitly specifies
150136
``authMechanism=SCRAM-SHA-1``:
151137

152-
153138
.. code-block:: java
154139

155140
MongoClient mongoClient = MongoClients.create("mongodb://user1:pwd1@host1/?authSource=db1&authMechanism=SCRAM-SHA-1");
@@ -159,12 +144,10 @@ MONGODB-CR
159144

160145
.. important::
161146

162-
Starting in version 4.0, MongoDB removes support for the deprecated
147+
MongoDB no longer supports the deprecated
163148
MongoDB Challenge-Response (``MONGODB-CR``) authentication mechanism.
164-
165149
If your deployment has user credentials stored in a ``MONGODB-CR`` schema,
166-
you must upgrade to use a ``SCRAM``-based mechanism before you
167-
upgrade to version 4.0.
150+
you must upgrade to a ``SCRAM``-based mechanism.
168151

169152
To explicitly create a credential of type ``MONGODB-CR`` use the
170153
``createMongCRCredential()`` static factory method:

0 commit comments

Comments
 (0)