SCRAM-SHA is not disabled and this seems like an Atlas bug.
Currently, Atlas does not support
SCRAM-SHA-256, but does support
SCRAM-SHA-1. Notably, MongoDB authentication protocols do not use
SHA-1 as a raw hash function for passwords or digital signatures, but rather as an HMAC construction in, e.g., SASL SCRAM-SHA-1. While many common uses of SHA-1 have been deprecated or sunset by standards organizations, these do not typically apply to HMAC functions.
At the access log there are randomly error messages: BadValue: SCRAM-SHA-256 authentication is disabled.
Just to clarify, is the above message you’re seeing within the Database Access History section?
This happens 100% of the time with mms-automation from localhost
mms-automation user is used for Atlas internal automation tasks including monitoring. The source of this message is that
mms-automation user initially attempts authentication using
SCRAM-SHA-256 which Atlas doesn’t support, causing the “BadValue: SCRAM-SHA-256 authentication is disabled” message, before falling back to SCRAM-SHA-1. Note that there is no detrimental effect to the operation of the database, and this informational message is provided for your own auditing purposes.
occasionally from regular remote client even the connection string is always the same.
Other than the
mms-automation user, what other application(s) from your environment are causing the same “BadValue: SCRAM-SHA-256 authentication is disabled.” message? Please provide the following details about those application(s):
- Driver being used to connect to the Atlas cluster
- Driver version being used
- MongoDB Version for the Atlas cluster
- Connection string being used (please redact any sensitive information including credentials before posting here).