SCRAM

Salted Challenge Response Authentication Mechanism (SCRAM) is the default authentication mechanism for MongoDB.

When a user authenticates themselves, MongoDB uses SCRAM to verify the supplied user credentials against the user's name, password and authentication database.

SCRAM is based on the IETF RFC 5802 standard that defines best practices for the implementation of challenge-response mechanisms for authenticating users with passwords.

Important

You cannot use both SCRAM authentication and another authentication type for the same user.

MongoDB's implementation of SCRAM provides:

MongoDB supports the following SCRAM mechanisms:

| SCRAM Mechanism | Description |
| --- | --- |
| SCRAM-SHA-1 | Uses the SHA-1 hashing function. To modify the iteration count for SCRAM-SHA-1, see scramIterationCount. |
| SCRAM-SHA-256 | Uses the SHA-256 hashing function. To modify the iteration count for SCRAM-SHA-256, see scramSHA256IterationCount. |
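
The RFC 5802 exchange and the role of the iteration count can be followed in a short Python sketch. This is an added example, not MongoDB's server or driver code: it implements the generic RFC 5802 key derivation with SHA-256, and the user name, password, salt, nonces and iteration count are constructed sample values.

```python
import base64
import hashlib
import hmac

H = "sha256"  # SCRAM-SHA-256; "sha1" gives the SCRAM-SHA-1 computation


def salted_password(password: str, salt: bytes, iterations: int) -> bytes:
    # RFC 5802 Hi() is PBKDF2-HMAC with one hash-length output block.
    # SASLprep normalization is omitted; an ASCII password is assumed.
    return hashlib.pbkdf2_hmac(H, password.encode("utf-8"), salt, iterations)


def stored_credentials(password: str, salt: bytes, iterations: int):
    """Values a server keeps instead of the password: (StoredKey, ServerKey)."""
    sp = salted_password(password, salt, iterations)
    client_key = hmac.new(sp, b"Client Key", H).digest()
    server_key = hmac.new(sp, b"Server Key", H).digest()
    return hashlib.new(H, client_key).digest(), server_key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def client_proof(password: str, salt: bytes, iterations: int, msg: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    sp = salted_password(password, salt, iterations)
    client_key = hmac.new(sp, b"Client Key", H).digest()
    stored_key = hashlib.new(H, client_key).digest()
    return xor(client_key, hmac.new(stored_key, msg, H).digest())


def server_verify(stored_key: bytes, proof: bytes, msg: bytes) -> bool:
    """Recover ClientKey from the proof and compare its hash to StoredKey."""
    recovered = xor(proof, hmac.new(stored_key, msg, H).digest())
    return hmac.compare_digest(hashlib.new(H, recovered).digest(), stored_key)


def auth_message(user: str, cnonce: str, snonce: str, salt: bytes, iterations: int) -> bytes:
    # client-first-bare "," server-first "," client-final-without-proof
    nonce, s = cnonce + snonce, base64.b64encode(salt).decode()
    return f"n={user},r={cnonce},r={nonce},s={s},i={iterations},c=biws,r={nonce}".encode()


# Constructed sample values (not from the page).
SALT, ITER = bytes(range(16)), 4096
STORED_KEY, _ = stored_credentials("correct horse", SALT, ITER)
MSG = auth_message("appUser", "cnonce1", "snonceA", SALT, ITER)
if __name__ == "__main__":
    print(server_verify(STORED_KEY, client_proof("correct horse", SALT, ITER, MSG), MSG))
```

Because the proof is bound to both nonces through the AuthMessage, a captured proof does not verify in a later session, and changing the iteration count changes the stored key, so credentials have to be re-derived when it is modified.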

When you create or update a SCRAM user, you can indicate:

When you use SCRAM-SHA-256, MongoDB requires server-side password hashing, which means that the server digests the password. For more information, see db.createUser() and db.updateUser().

The minimum driver versions that support SCRAM are:

If you use SCRAM-SHA-1: