couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From J Chris Anderson <jch...@gmail.com>
Subject Re: Lost access to configuration
Date Mon, 28 Jun 2010 23:03:12 GMT

On Jun 28, 2010, at 3:55 PM, Paweł Stawicki wrote:

> Thanks Chris for all your explanations.
> 
>> Normal user passwords are in the user db, but admin user passwords are stored in
the config.
> 
> So how can I create non-admin user? I can create SHA1 of his password
> and create this user by hand in _users db, but how can I know what is
> the "salt"? I must be missing something, but I don't know what.
> 

The easiest way to create a non admin user, is by the Signup link in Futon. (visible when
you are logged out)

This uses library code included in jquery.couch.js (which should be not hard to port to your
language of choice, if need be)

Again, spying on the HTTP chatter between Futon and Couch will be helpful here.

In this case, the salt is random. I think jquery.couch.js just uses a CouchDB uuid.

Chris

> --
> Paweł Stawicki
> http://pawelstawicki.blogspot.com
> http://szczecin.jug.pl
> 
> 
> 
> 
> On Mon, Jun 28, 2010 at 23:16, J Chris Anderson <jchris@gmail.com> wrote:
>> 
>> On Jun 28, 2010, at 12:38 PM, Paweł Stawicki wrote:
>> 
>>> Ok, this works after I set require_valid_user = false in
>>> /etc/couchdb/local.ini. But what if I want this option to be turned
>>> on? When it's on, I can't even see "Login" link. Seems like it's also
>>> restricted. I am getting 3 error messages:
>>> 
>>> "An error occurred retrieving/updating the server configuration:
>>> Authentication required."
>>> "Server information could not be retrieved: Authentication required."
>>> "An error occurred getting session info: Authentication required."
>>> 
>> 
>> Did some looking into it:
>> 
>> require_valid_user = true means that you have to configure CouchDB specially to use
something like the proxy_authentification_handler, so that some other software can craft the
userCtx. This means that there is not currently a way to login to a CouchDB that is set to
have require_valid_user = true (because you can't access any of the APIs or resources required
to login).
>> 
>> This is a bug, but not a straightforward one to fix. Here is the Jira ticket:
>> 
>> https://issues.apache.org/jira/browse/COUCHDB-649
>> 
>> 
>>> And even with require_valid_user = false, how can I login outside of
>>> futon? E.g. if I want to operate on database via HTTP by curl?
>>> 
>>> I also want to ask where user's password is kept? I created more
>>> admins by clicking "Setup more admins" next to login link in futon.
>>> Let's call created user "sam". Then I went to
>>> http://localhost:5984/_users/org.couchdb.user:sam and there is no
>>> "password_sha1" field, nor "salt" field.
>>> 
>> 
> 
>> 
>>> Best regards
>>> --
>>> Paweł Stawicki
>>> http://pawelstawicki.blogspot.com
>>> http://szczecin.jug.pl
>>> 
>>> 
>>> 
>>> 
>>> On Sun, Jun 27, 2010 at 23:06, J Chris Anderson <jchris@gmail.com> wrote:
>>>> 
>>>> On Jun 27, 2010, at 1:40 PM, Paweł Stawicki wrote:
>>>> 
>>>>> Hello,
>>>>> 
>>>>> Recently I was playing with authentication settings, and now I lost
>>>>> access to configuration of my server :( I can't login as server admin.
>>>>> My system is ubuntu 10.04, and I use couchdb 0.11.
>>>>> 
>>>>> In /etc/couchdb/local.ini I set in [admin] section:
>>>>> joe = joe
>>>>> 
>>>>> and restarted database. In my browser I go to:
>>>>> http://joe:joe@localhost:5984/_utils/database.html?_config
>>>>> 
>>>>> But then I get message "You are not a server admin".
>>>>> 
>>>>> How can I log in as server admin?
>>>>> 
>>>> 
>>>> in the lower right hand corner of http://localhost:5984/_utils/ should be
a Login link. try the joe credentials there.
>>>> 
>>>>> Best regards
>>>>> --
>>>>> Paweł Stawicki
>>>>> http://pawelstawicki.blogspot.com
>>>>> http://szczecin.jug.pl
>>>> 
>>>> 
>> 
>> 


Mime
View raw message