Add to SCRAM-SHA protocol info for XDCR Half-Secure Replications

Description

We've had support issues with SCRAM-SHA authentication when using Half-Secure XDCR replication – an example is .   The issues are caused by customer's monitoring software capturing the "401" responses (that are normal part of the SCRAM-SHA protocol) from the XDCR target nodes, and thinking that the 401's are part of an attack, resetting or killing good connections being used by XDCR.

So, need to document that monitoring software or firewall software may see these 401 responses when half-secure replication is being used, and that they should be allowed as normal.   The documentation should be updated in these places (or updated in one place and referenced):

1) Enable Half-Secure Replications (Understanding Half-Secure Replications)

https://docs.couchbase.com/server/current/manage/manage-xdcr/enable-half-secure-replication.html#understanding-half-secure-replications

2) Managing XDCR Data Encryption (Configuring XDCR with data encryption)

https://docs.couchbase.com/server/current/rest-api/rest-xdcr-data-encrypt.html#configuring-xdcr-with-data-encryption

3) Cross Data Center Replication (XDCR) (XDCR Security) 

https://docs.couchbase.com/server/current/learn/clusters-and-availability/xdcr-overview.html#xdcr-security

The additional info about SCRAM-SHA and half-secure XDCR replication should convey the info below:

Environment

None

Release Notes Description

None

Activity

Tony Hillman April 14, 2022 at 1:22 PM
Edited

Tony Hillman April 14, 2022 at 1:16 PM
Edited

Tony Hillman April 14, 2022 at 12:52 PM
Edited

Unresolved
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Story Points

Components

Sprint

Affects versions

Priority

Instabug

Open Instabug

PagerDuty

Sentry

Zendesk Support

Created April 13, 2022 at 8:01 PM
Updated April 19, 2022 at 8:13 AM
Instabug