- Security >
- Authentication >
- Authentication Mechanisms >
- MONGODB-CR
MONGODB-CR¶
On this page
MONGODB-CR
is a challenge-response mechanism that authenticates users
through passwords. MONGODB-CR
verifies supplied user credentials against
the user’s name
, password
and authentication database
. The authentication database is the database where the
user was created, and the user’s database and the user’s name together serve to
identify the user.
MONGODB-CR
User Credentials and SCRAM¶
Changed in version 3.0.
MongoDB no longer defaults to MONGODB-CR
and instead uses
Salted Challenge Response Authentication Mechanism (SCRAM) as the default authentication mechanism.
After you upgrade a deployment that already has MongoDB Challenge
and Response (MONGODB-CR
) user credentials, if you have not
upgraded the authentication schema, you can continue to use
MONGODB-CR
:
- For older versions of drivers that do not support MongoDB 3.0+
features, you will continue to use
MONGODB-CR
. - For drivers that support MongoDB 3.0+ features (see
Driver Compatibility Changes), you can explicitly specify
MONGODB-CR
as the authentication mechanism to useMONGODB-CR
. Otherwise, the credentials are temporarily converted to use SCRAM during authentication to provide improved protection from passive eavesdroppers; this temporary conversion does not affect how the credentials are stored.
To upgrade the authentication schema model to SCRAM, see Upgrade to SCRAM.
Warning
The procedure to upgrade to SCRAM discards the MONGODB-CR
credentials used by 2.6. As such, the procedure is irreversible,
short of restoring from backups.
The procedure also disables MONGODB-CR
as an authentication
mechanism.