DOCS-15079 md5 usage in scram sha 1 (#637)

jason-price-mongodb · jason-price-mongodb · web-flow · commit cbcc01284116 · 2022-02-15T10:39:45.000-08:00
* Docs 15079 md5 usage in scram sha 1 (#612) * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com> * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 * DOCS-15079-md5-usage-in-SCRAM-SHA-1 Co-authored-by: jason-price-mongodb <jshfjghsdfgjsdjh@aolsdjfhkjsdhfkjsdf.com>
diff --git a/source/core/security-scram.txt b/source/core/security-scram.txt
@@ -84,13 +84,15 @@ MongoDB supports the following SCRAM mechanisms:
        To modify the iteration count for ``SCRAM-SHA-256``, see
        :parameter:`scramSHA256IterationCount`.
 
-       .. versionadded:: 4.0
+When you create or update a SCRAM user, you can indicate:
 
-When creating or updating a SCRAM user, you can indicate the specific
-SCRAM mechanism as well as indicate whether the server or the client
-digests the password. When using ``SCRAM-SHA-256``, MongoDB requires
-server-side password hashing, i.e. the server digests the password. For
-details, see :method:`db.createUser()` and :method:`db.updateUser()`.
+- the SCRAM mechanism to use
+- whether the server or the client digests the password
+
+When you use ``SCRAM-SHA-256``, MongoDB requires server-side password
+hashing, which means that the server digests the password. For more
+information, see :method:`db.createUser()` and
+:method:`db.updateUser()`.
 
 Driver Support
 --------------
@@ -107,12 +109,16 @@ The minimum driver versions that support ``SCRAM`` are:
 Additional Information
 ----------------------
 
-- `Blog Post: Improved Password-Based Authentication in MongoDB 3.0: SCRAM
-  Explained (Part 1)
-  <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
-  odb-30-scram-explained-part-1?tck=docs_server>`_
+.. include:: /includes/md5-and-scram-sha-1.rst
+
+.. seealso::
+
+   - `Blog Post: Improved Password-Based Authentication: SCRAM Explained
+     (Part 1)
+     <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
+     odb-30-scram-explained-part-1?tck=docs_server>`_
 
-- `Blog Post: Improved Password-Based Authentication in MongoDB 3.0: SCRAM
-  Explained (Part 2)
-  <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
-  odb-30-scram-explained-part-2?tck=docs_server>`_
+   - `Blog Post: Improved Password-Based Authentication: SCRAM Explained
+     (Part 2)
+     <https://www.mongodb.com/blog/post/improved-password-based-authentication-mong
+     odb-30-scram-explained-part-2?tck=docs_server>`_
diff --git a/source/includes/md5-and-scram-sha-1.rst b/source/includes/md5-and-scram-sha-1.rst
@@ -0,0 +1,12 @@
+If you use :ref:`SCRAM-SHA-1 <authentication-scram-sha-1>`:
+
+- :term:`md5` is necessary but is not used for cryptographic purposes,
+  and
+
+- if you use :doc:`FIPS mode </tutorial/configure-fips>`, then instead
+  of :ref:`SCRAM-SHA-1 <authentication-scram-sha-1>` use:
+  
+  - :ref:`SCRAM-SHA-256 <authentication-scram-sha-256>`,
+  - :ref:`Kerberos <security-kerberos>`,
+  - :ref:`LDAP <security-ldap>`, or
+  - :ref:`x.509 <security-auth-x509>`
diff --git a/source/tutorial/configure-fips.txt b/source/tutorial/configure-fips.txt
@@ -36,6 +36,7 @@ command line.
    authentication. If you use Kerberos or LDAP authentication, you must
    ensure that these external mechanisms are FIPS-compliant.
 
+
 .. note::
 
    .. include:: /includes/fact-tls-1.0.rst
@@ -240,3 +241,5 @@ Additional Considerations
 --------------------------
 
 .. include:: /includes/extracts/4.2-changes-fips.rst
+
+.. include:: /includes/md5-and-scram-sha-1.rst
