couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Heiko Selber <wadenwic...@googlemail.com>
Subject Issues with Authentication
Date Sun, 12 Dec 2010 18:01:13 GMT
Hi there,

we turned on authentication on a CouchDB server recently.

However, since we did that, we have lots of connection problems with the server.

We get a whole zoo of errors, most often connection timeouts, but also
diverse other problems ranging from NPE to happily returned empty
lists, even though the view should return a number of documents.

Turning authentication back off immediately eliminates all these problems.

Did anybody else have the same or similar problems? If so, how did you
solve them (if at all)?


Here are our details:

We use a fairly recent git checkout of GeoCouch (1.1.0a771dd47-git).

We use jcouchdb as our client API. The authentication code looks
roughly like this:

[...]
Database database = new Database(host, port, databaseName);
Server server = database.getServer();
AuthScope as = new AuthScope(host, port);
Credentials c = new UsernamePasswordCredentials(user, pass);
server.setCredentials(as, c);
[...]

AFAICT jcouchdb uses org.apache.http.impl.client.BasicCredentialsProvider .

In the couchdb log we see that every request gets a 401
(unauthorized), followed by an identical one, which sometimes returns
successfully (200 OK) or not (403 forbidden and others IIRC).

Apparently jcouchdb tries every request first without authentication,
and provides credentials only if that fails. I wonder if it is
possible to avoid that. I also wonder if that would help us.


Is this list the right place to ask about jcouchdb at all? I know
jcouchdb is hosted by google, not apache, but I guess there are some
jcouchdb experts here nevertheless.


I guess we turned on authentication by the book, by doing this:

1. create user/password on futon (fix admin party)

2. edit local.ini:
[...]
authentication_handlers = {couch_httpd_auth,
cookie_authentication_handler}, {couch_httpd_oauth,
oauth_authentication_handler}, {couch_httpd_auth,
default_authentication_handler}
default_handler = {couch_httpd_db, handle_request}
[...]
; Uncomment next line to trigger basic-auth popup on unauthorized requests.
WWW-Authenticate = Basic realm="administrator"
[...]
[couch_httpd_auth]
secret = someRandomSequenceOfLowercaseHexHere
require_valid_user = true
[...]
[admins]
myuser = mypass

3. restart couchdb

We created only one user who is admin.


Any help would be greatly welcome.

Regards,

Heiko

Mime
View raw message