Fixed the problem: the user was not created for Mongodb 4.x#561
Merged
ekohl merged 1 commit intovoxpupuli:masterfrom Nov 25, 2019
Merged
Fixed the problem: the user was not created for Mongodb 4.x#561ekohl merged 1 commit intovoxpupuli:masterfrom
ekohl merged 1 commit intovoxpupuli:masterfrom
Conversation
When creating a user, a password hash is used and the "digestPassword" option is set to "false". By default in Mongodb 4.x the parameter "mechanisms" is set to ["SCRAM-SHA-1","SCRAM-SHA-256"], but according to the documentation (https://docs.mongodb.com/manual/reference/command/createUser/ ) for SCRAM-SHA-256 "digestPassword" cannot be "false". Example: $ mongo admin --quiet --host 127.0.0.1:27017 --eval "load('/root/.mongorc.js'); db.runCommand({\"createUser\":\"test\",\"pwd\":\"398fefcb5925a718fd0c812bbeb7e101\",\"customData\":{\"createdBy\":\"Puppet Mongodb_user['test']\"},\"roles\":[\"clusterMonitor\"],\"digestPassword\":false})" output: { "ok" : 0, "errmsg" : "Use of SCRAM-SHA-256 requires undigested passwords", "code" : 2, "codeName" : "BadValue" } If you remove SCRAM-SHA-256, it works correctly: $ mongo admin --quiet --host 127.0.0.1:27017 --eval "load('/root/.mongorc.js'); db.runCommand({\"createUser\":\"test\",\"pwd\":\"398fefcb5925a718fd0c812bbeb7e101\",\"customData\":{\"createdBy\":\"Puppet Mongodb_user['test']\"},\"roles\":[\"clusterMonitor\"],\"digestPassword\":false, \"mechanisms\":[\"SCRAM-SHA-1\"]})" output: { "ok" : 1 } Thus, you need to add SCRAM-SHA-256 support, not use "password_hash" and set digestPassword to "true", or just use SCRAM-SHA-1, which seemed to me the simplest solution, which does not require global changes.
identw
force-pushed
the
fix-create-user-for-4x-versions
branch
from
7d1b695 to
a7e21ae
Compare
ekohl
approved these changes
Nov 25, 2019
Member
|
Thanks! |
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When creating a user, a password hash is used and the "digestPassword" option is set to "false". By default in Mongodb 4.x the parameter "mechanisms" is set to ["SCRAM-SHA-1","SCRAM-SHA-256"], but according to the documentation (https://docs.mongodb.com/manual/reference/command/createUser/ ) for SCRAM-SHA-256 "digestPassword" cannot be "false".
Example:
output:
If you remove SCRAM-SHA-256, it works correctly:
output:
Thus, you need to add SCRAM-SHA-256 support, not use "password_hash" and set digestPassword to "true", or just use SCRAM-SHA-1, which seemed to me the simplest solution, which does not require global changes.
Fixes #525