couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Curt Arnold <carn...@apache.org>
Subject Re: CouchDB Authentication and Authorization
Date Fri, 26 Jun 2009 04:49:08 GMT

On Jun 25, 2009, at 10:02 AM, Jan Lehnardt wrote:

> Hey Couchers,
>
> I'd like to add OAuth support to CouchDB. In thinking about how to  
> make
> a oauth_authentication_handler much like Jason's  
> cookie_authentication_handler
> I went a little further and see how this would fit into a more fine  
> grained
> authentication and authorization system for CouchDB.
>
> I'd like to get my work in progress out here to get your feedback  
> and guidance.
> I'm not married to any of the nomenclature, so feel free to suggest  
> alternatives
> along the way.
>
> OAuth won't need all of that is outlined here, but it would use the  
> foundations of
> this system, and I'd like to get that right from the get go.
>
> Your input is highly appreciated, thanks!


I've been bit by CouchDB barking when it sees stray credentials when  
it is sitting behind an Apache httpd proxy.  I will eventually have to  
dive into that to see how to configure CouchDB to ignore credentials  
when it doesn't need them..  Authentication and authorization in  
CouchDB is one of those things I know I need to get my head around,  
but I have been able to put it off for now.  So all this is just a  
CouchDB novice's rambling, but here goes

CouchDB is likely to be used in conjunction with other Apache servers  
such as httpd or Tomcat and it would be desirable if CouchDB could  
adopt the identical or similar terminology and adopt the same file  
formats if possible.  For example, consume the output from htpasswd  
from httpd instead of using up with a CouchDB specific tool and  
password encryption (or the current ini read and rewrite approach).

httpd and Tomcat both provide DB based authentication with multiple  
backend databases.  While it might be nice to use the same backend DBs  
and the other services, it struck me that we are already on a DB.   
Maybe another CouchDB database could be accessed, however one that is  
not exposed on the default port or possibly not exposed at all after  
initial configuration?

I haven't read the A&A Wiki for CouchDB recently, but when I did  
earlier I got the impression that it was dated and suspect.

Links to some A&A in other Apache projects

http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html
http://httpd.apache.org/docs/2.2/howto/auth.html
http://directory.apache.org/

ps. I would think that you'd also want to have write-only (not read 
+write+...)

Mime
View raw message