couchdb-dev mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-2362) Have dev/run put the same cookie secret and hashed admin password in all three nodes of dev cluster
Date Fri, 14 Nov 2014 17:23:34 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-2362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212502#comment-14212502 ]

ASF subversion and git services commented on COUCHDB-2362:
----------------------------------------------------------

Commit 6de6ca673c082f8c2c093e76f2834407b1ab0bed in couchdb's branch refs/heads/goodbye-futon
from [~candeira]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=6de6ca6 ]

fixes COUCHDB-2362 admin and cookie auth in dev cluster

  Ensure that the cookie secret is the same on all nodes.

  When running the dev cluster with dev/run and the --admin option,
  ensure that the hashed admin password is the same on all nodes.

  Includes a copy of Armin Ronacher's pbkdf2.py:
  - https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py


> Have dev/run put the same cookie secret and hashed admin password in all three nodes of dev cluster
> ---------------------------------------------------------------------------------------------------
>
>                 Key: COUCHDB-2362
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2362
>             Project: CouchDB
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: BigCouch
>            Reporter: Javier Candeira
>
> When starting a dev cluster with the --admin option:
> `dev/run -a candeira:candeira`
> the local.ini scripts get rebuilt with an extra [admin] section and the plaintext user = password line. This means that couchdb adds the hashed password instead of replacing it.
> In addition, the admin party fix only sets the user = password line in one of the cluster's nodes, which may create problems.
> The forthcoming patch will initialise all three nodes with the same hashed password, as per rnewson:
> 00:27 <+rnewson> so you need to ensure that the admin is the same on all nodes after hashing
> 00:28 <+rnewson> otherwise cookies won't work if you hop between nodes



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
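
Why the admin hash has to be generated once and copied to every node, as an added example that is not part of the original message or of the CouchDB commit. It assumes a `-pbkdf2-<key>,<salt>,<iterations>` hash string and a session cookie MAC keyed with the cookie secret plus the admin's salt; the function names, node layout and timestamp are hypothetical.

```python
import hashlib
import hmac
import secrets

def hash_admin_password(password, salt=None, iterations=10, keylen=20):
    """Build a '-pbkdf2-<key>,<salt>,<iterations>' string (assumed format and defaults)."""
    salt = salt or secrets.token_hex(16)  # fresh random salt unless one is supplied
    key = hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), iterations, keylen)
    return f"-pbkdf2-{key.hex()},{salt},{iterations}"

def sign_cookie(user, timestamp, node):
    """Assumed cookie model: HMAC-SHA1 over 'user:timestamp', keyed with secret + admin salt."""
    salt = node["admins"][user].split(",")[1]
    key = (node["secret"] + salt).encode()
    return hmac.new(key, f"{user}:{timestamp:X}".encode(), hashlib.sha1).hexdigest()

def verify_cookie(user, timestamp, mac, node):
    """Recompute the MAC with this node's own config and compare in constant time."""
    return hmac.compare_digest(mac, sign_cookie(user, timestamp, node))

def build_cluster(user, password, shared, n=3):
    """shared=True: hash once, copy to all nodes. shared=False: each node hashes on its own."""
    secret = secrets.token_hex(16)          # same cookie secret on every node
    common = hash_admin_password(password)  # one salt, one derived key
    return [
        {"secret": secret,
         "admins": {user: common if shared else hash_admin_password(password)}}
        for _ in range(n)
    ]

def cookie_hops(nodes, user="candeira", timestamp=0x5466398E):
    """Log in on the first node, then present the same cookie to every node."""
    mac = sign_cookie(user, timestamp, nodes[0])
    return [verify_cookie(user, timestamp, mac, node) for node in nodes]

if __name__ == "__main__":
    # Constructed credentials, taken from the dev/run invocation quoted in the issue.
    print("per-node hashing:", cookie_hops(build_cluster("candeira", "candeira", shared=False)))
    print("shared hash:     ", cookie_hops(build_cluster("candeira", "candeira", shared=True)))
```

With per-node hashing each node picks its own salt, so a cookie issued by one node fails verification on the others even though the password and cookie secret match.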
