Date: Tue, 16 Feb 2010 09:35:59 +0000
From: Brian Candler
To: user@couchdb.apache.org
Subject: Re: Couchdb and futon authentication on trunk (910404)

On Tue, Feb 16, 2010 at 05:05:10PM +1100, Patrick Barnes wrote:
> - In admin party mode, when offered authentication details couchdb
>   and futon will complain. (from memory, I think the error was
>   {"error":"unauthorized","reason":"Name or password is incorrect."})

Correct:

    $ curl -v http://admin:admin@127.0.0.1:5984/
    * About to connect() to 127.0.0.1 port 5984 (#0)
    * Trying 127.0.0.1... connected
    * Connected to 127.0.0.1 (127.0.0.1) port 5984 (#0)
    * Server auth using Basic with user 'admin'
    > GET / HTTP/1.1
    > Authorization: Basic YWRtaW46YWRtaW4=
    > User-Agent: curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g
    * zlib/1.2.3.3 libidn/1.1
    > Host: 127.0.0.1:5984
    > Accept: */*
    >
    < HTTP/1.1 401 Unauthorized
    < Server: CouchDB/0.11.0be18ea3db-git (Erlang OTP/R12B)
    < Date: Tue, 16 Feb 2010 09:31:57 GMT
    < Content-Type: text/plain;charset=utf-8
    < Content-Length: 67
    < Cache-Control: must-revalidate
    <
    {"error":"unauthorized","reason":"Name or password is incorrect."}
    * Connection #0 to host 127.0.0.1 left intact
    * Closing connection #0

I'd have thought that a browser would then prompt the user for new
credentials. But if they click 'cancel' I'm not sure what happens (does the
browser give up at that point, but not invalidate its cached user/pass?)

> (Also, can 'sign up' be disabled / admin users allowed to create new users?)

I think you can just set readers ACL on the _users database. But then an
admin will be required to change users' passwords too.

Regards,

Brian.