Docs 15079 md5 usage in scram sha 1 (#612)

jason-price-mongodb · jason-price-mongodb · web-flow · commit 4b9304db21ce · 2022-02-11T16:04:19.000-08:00
* DOCS-15079-md5-usage-in-SCRAM-SHA-1

* DOCS-15079-md5-usage-in-SCRAM-SHA-1

* DOCS-15079-md5-usage-in-SCRAM-SHA-1

* DOCS-15079-md5-usage-in-SCRAM-SHA-1

* DOCS-15079-md5-usage-in-SCRAM-SHA-1

* DOCS-15079-md5-usage-in-SCRAM-SHA-1

Co-authored-by: jason-price-mongodb &lt;jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com&gt;
diff --git a/source/core/security-scram.txt b/source/core/security-scram.txt
@@ -67,7 +67,6 @@ MongoDB supports the following SCRAM mechanisms:
        To modify the iteration count for ``SCRAM-SHA-256``, see
        :parameter:`scramSHA256IterationCount`.
 
-
 When you create or update a SCRAM user, you can indicate:
 
 - the SCRAM mechanism to use
@@ -90,13 +89,19 @@ The minimum driver versions that support ``SCRAM`` are:
 Additional Information
 ----------------------
 
-- `Blog Post: Improved Password-Based Authentication: SCRAM Explained (Part 1)
-  <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
-  odb-30-scram-explained-part-1?tck=docs_server>`_
+.. include:: /includes/md5-and-scram-sha-1.rst
+
+.. seealso::
+
+   - `Blog Post: Improved Password-Based Authentication: SCRAM Explained
+     (Part 1)
+     <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
+     odb-30-scram-explained-part-1?tck=docs_server>`_
 
-- `Blog Post: Improved Password-Based Authentication: SCRAM Explained (Part 2)
-  <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
-  odb-30-scram-explained-part-2?tck=docs_server>`_
+   - `Blog Post: Improved Password-Based Authentication: SCRAM Explained
+     (Part 2)
+     <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
+     odb-30-scram-explained-part-2?tck=docs_server>`_
 
 .. toctree::
    :titlesonly:
diff --git a/source/includes/md5-and-scram-sha-1.rst b/source/includes/md5-and-scram-sha-1.rst
@@ -0,0 +1,12 @@
+If you use :ref:`SCRAM-SHA-1 <authentication-parameters>`:
+
+- :term:`md5` is necessary but is not used for cryptographic purposes,
+  and
+
+- if you use :ref:`FIPS mode <fips-overview>`, then instead of
+  :ref:`SCRAM-SHA-1 <authentication-parameters>` use:
+  
+  - :ref:`SCRAM-SHA-256 <authentication-scram>`,
+  - :ref:`Kerberos <security-kerberos>`,
+  - :ref:`LDAP <security-ldap>`, or
+  - :ref:`x.509 <security-auth-x509>`
diff --git a/source/tutorial/configure-fips.txt b/source/tutorial/configure-fips.txt
@@ -38,6 +38,7 @@ command line.
    authentication. If you use Kerberos or LDAP authentication, you must
    ensure that these external mechanisms are FIPS-compliant.
 
+
 .. note::
 
    .. include:: /includes/fact-tls-1.0.rst
@@ -244,3 +245,5 @@ Additional Considerations
 .. include:: /includes/fact-5.1-scram-sha-1-fips-default.rst
 
 .. include:: /includes/extracts/4.2-changes-fips.rst
+
+.. include:: /includes/md5-and-scram-sha-1.rst
