DOCS-15019 cluster authentication (#744)

jason-price-mongodb · jason-price-mongodb · web-flow · commit 9740f5aa4551 · 2022-03-03T09:59:37.000-08:00
* DOCS-15019-cluster-authentication

* DOCS-15019-cluster-authentication

* DOCS-15019-cluster-authentication

* DOCS-15019-cluster-authentication

* DOCS-15019-cluster-authentication

* DOCS-15019-cluster-authentication

* DOCS-15019-cluster-authentication

Co-authored-by: jason-price-mongodb &lt;jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com&gt;
diff --git a/source/core/sharded-cluster-config-servers.txt b/source/core/sharded-cluster-config-servers.txt
@@ -181,5 +181,7 @@ security and prevent unauthorized cluster components from accessing the
 cluster. You must start each :binary:`~bin.mongod` in the cluster with the
 appropriate security settings in order to enforce internal authentication.
 
+.. include:: /includes/intra-cluster-authentication.rst
+
 See :doc:`/tutorial/deploy-sharded-cluster-with-keyfile-access-control` for a
 tutorial on deploying a secured sharded cluster.
diff --git a/source/core/sharded-cluster-query-router.txt b/source/core/sharded-cluster-query-router.txt
@@ -333,6 +333,8 @@ cluster. You must start each :binary:`~bin.mongod` or :binary:`~bin.mongos` in t
 cluster with the appropriate security settings in order to enforce internal
 authentication.
 
+.. include:: /includes/intra-cluster-authentication.rst
+
 See :doc:`/tutorial/deploy-sharded-cluster-with-keyfile-access-control` for a
 tutorial on deploying a secured sharded cluster.
 
diff --git a/source/core/sharded-cluster-shards.txt b/source/core/sharded-cluster-shards.txt
@@ -75,6 +75,8 @@ security and prevent unauthorized cluster components from accessing the
 cluster. You must start each :binary:`~bin.mongod` in the cluster with the
 appropriate security settings in order to enforce internal authentication.
 
+.. include:: /includes/intra-cluster-authentication.rst
+
 See :doc:`/tutorial/deploy-sharded-cluster-with-keyfile-access-control` for a
 tutorial on deploying a secured sharded cluster.
 
@@ -87,6 +89,8 @@ in the replica set with the :option:`--auth <mongod --auth>` option to enforce R
 Alternatively, enforcing :doc:`/core/security-internal-authentication` for
 intra-cluster security also enables user access controls via RBAC.
 
+.. include:: /includes/intra-cluster-authentication.rst
+
 Each shard has its own shard-local users. These users cannot be used
 on other shards, nor can they be used for connecting to the cluster
 via a :binary:`~bin.mongos`.
diff --git a/source/includes/intra-cluster-authentication.rst b/source/includes/intra-cluster-authentication.rst
@@ -0,0 +1,7 @@
+Starting in MongoDB 5.3, :ref:`SCRAM-SHA-1 <authentication-scram-sha-1>`
+cannot be used for intra-cluster authentication. Only
+:ref:`SCRAM-SHA-256 <authentication-scram-sha-256>` is supported.
+
+In previous MongoDB versions, SCRAM-SHA-1 and SCRAM-SHA-256 can both be
+used for intra-cluster authentication, even if SCRAM is not explicitly
+enabled.
diff --git a/source/release-notes/5.3-compatibility.txt b/source/release-notes/5.3-compatibility.txt
@@ -35,3 +35,7 @@ single document.
 
 See :parameter:`indexMaxNumGeneratedKeysPerDocument`.
 
+Intra-Cluster Authentication
+----------------------------
+
+.. include:: /includes/intra-cluster-authentication.rst
