incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Anderson <jch...@apache.org>
Subject Re: [patch] proxy authentificationn handler
Date Tue, 02 Feb 2010 17:36:42 GMT
On Tue, Feb 2, 2010 at 6:57 AM, Benoit Chesneau <bchesneau@gmail.com> wrote:
> Hi all,
>
> I've just pushed on jira my proxy authentification handler. This code
> is used behind aimpl.org and works well.
>
> https://issues.apache.org/jira/browse/COUCHDB-636
>
> This handler allows creation of a userCtx objec from a user
> authenticated remotly. The client just pass specific headers to
> CouchDB and the handler create the userCtx. Headers name can be
> defined in local.ini. By thefault they are :
>
> * X-Auth-CouchDB-UserName : username, (x_auth_username in
> couch_httpd_auth section)
> * X-Auth-CouchDB-Roles : user roles, list of roles separated by a
> comma (x_auth_roles in couch_httpd_auth section)
> * X-Auth-CouchDB-Token : token to authenticate the authorization
> (x_auth_token in couch_httpd_auth section). This token is an hmac-sha1
> created from secret key and username. The secret key should be the
> same in the client and couchdb node. secret key is the secret key in
> couch_httpd_auth section of ini. This token is optional if secret key
> isn't defined.

This token should be optional even if the secret key is defined (the
secret is defined by default but people might want to skip the headers
signing stuff if they are in a simple environment.)

>
> What do you think about including it in 0.11 ?

This is fine by me -- the patch is pretty isolated, and disabled by
default, so I don't see it causing any instability.

>
> - benoƮt
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io

Mime
View raw message