couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Candler <B.Cand...@pobox.com>
Subject Re: Couchdb and futon authentication on trunk (910404)
Date Tue, 16 Feb 2010 09:35:59 GMT
On Tue, Feb 16, 2010 at 05:05:10PM +1100, Patrick Barnes wrote:
> - In admin party mode, when offered authentication details couchdb
> and futon will complain. (from memory, I think the error was
> {"error":"unauthorized","reason":"Name or password is incorrect."})

Correct:

$ curl -v http://admin:admin@127.0.0.1:5984/
* About to connect() to 127.0.0.1 port 5984 (#0)
*   Trying 127.0.0.1... connected
* Connected to 127.0.0.1 (127.0.0.1) port 5984 (#0)
* Server auth using Basic with user 'admin'
> GET / HTTP/1.1
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g
* zlib/1.2.3.3 libidn/1.1
> Host: 127.0.0.1:5984
> Accept: */*
> 
< HTTP/1.1 401 Unauthorized
< Server: CouchDB/0.11.0be18ea3db-git (Erlang OTP/R12B)
< Date: Tue, 16 Feb 2010 09:31:57 GMT
< Content-Type: text/plain;charset=utf-8
< Content-Length: 67
< Cache-Control: must-revalidate
< 
{"error":"unauthorized","reason":"Name or password is incorrect."}
* Connection #0 to host 127.0.0.1 left intact
* Closing connection #0

I'd have thought that a browser would then prompt the user for new
credentials. But if they click 'cancel' I'm not sure what happens (does the
browser give up at that point, but not invalidate its cached user/pass?)

> (Also, can 'sign up' be disabled / admin users allowed to create new users?)

I think you can just set readers ACL on the _users database. But then an
admin will be required to change users' passwords too.

Regards,

Brian.

Mime
View raw message