couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Hammond <skippy.hamm...@gmail.com>
Subject Re: CouchDB Authentication and Authorization
Date Fri, 26 Jun 2009 02:31:54 GMT
On 26/06/2009 1:02 AM, Jan Lehnardt wrote:
> A an example authentication client request
>
>    | client |  ---> | http request with credentials |  ---> |
> authentication handler |  ---> | lookup in authentication handler
> specific view in `users` database |  ---> | grant or deny access, set
> role |

If you intend support Windows NTLM authentication, there are a couple of 
things that may, or may not, complicate this:

* NTLM is based on a series of 'challenge/response' pairs; the client 
issues a request, the server responds with a 404 and a 'token' in the 
headers, the client re-requests with a token based on the server's 
token, the server responds yet again with 404 and a new token, then 
finally the client's next request works.

* NTLM is connection-based.  Once the connection is closed you must 
re-do that dance.  It is not possible to persist anything beyond the 
life of the connection which you can use on a subsequent connection. 
Therefore, the dance described about must also be performed on the same 
connection.

Hoping this is relevant,

Mark



Mime
View raw message