Return-Path: Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: (qmail 95633 invoked from network); 21 Feb 2011 18:43:06 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 21 Feb 2011 18:43:06 -0000 Received: (qmail 78060 invoked by uid 500); 21 Feb 2011 18:43:04 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 77793 invoked by uid 500); 21 Feb 2011 18:43:02 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 77785 invoked by uid 99); 21 Feb 2011 18:43:02 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Feb 2011 18:43:02 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of prvs=3033E31D9F=tshead@sandia.gov designates 132.175.109.17 as permitted sender) Received: from [132.175.109.17] (HELO sentry-three.sandia.gov) (132.175.109.17) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Feb 2011 18:42:53 +0000 X-WSS-ID: 0LGZDAT-0C-86K-02 X-M-MSG: Received: from sentry.sandia.gov (mm04snlnto.sandia.gov [132.175.109.21]) by sentry-three.sandia.gov (Postfix) with ESMTP id 126314DF51B for ; Mon, 21 Feb 2011 11:42:28 -0700 (MST) Received: from [134.253.165.160] by sentry.sandia.gov with ESMTP (SMTP Relay 01 (Email Firewall v6.3.2)); Mon, 21 Feb 2011 11:42:24 -0700 X-Server-Uuid: 6BFC7783-7E22-49B4-B610-66D6BE496C0E Received: from s914183.srn.sandia.gov (134.253.242.217) by smtps.sandia.gov (134.253.165.15) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 21 Feb 2011 11:42:24 -0700 Message-ID: <4D62B210.202@sandia.gov> Date: Mon, 21 Feb 2011 11:42:24 -0700 From: "Timothy Shead" User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 Thunderbird/3.1.7 MIME-Version: 1.0 To: "user@couchdb.apache.org" Subject: Alternate Authentication Mechanisms X-TMWD-Spam-Summary: TS=20110221184225; ID=1; SEV=2.3.1; DFV=B2011022118; IFV=NA; AIF=B2011022118; RPD=5.03.0010; ENG=NA; RPDID=7374723D303030312E30413031303230372E34443632423231312E303042352C73733D312C6667733D30; CAT=NONE; CON=NONE; SIG=AAAAAAAAAAAAAAAAAAAAAAAAfQ== X-MMS-Spam-Filter-ID: B2011022118_5.03.0010 X-WSS-ID: 617C6D9A4CO3786630-01-01 Content-Type: text/plain; charset=iso-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm interested in hearing about any alternatives to the current authentication mechanisms in CouchDB. In particular, I'd like to bypass the _users database to base authentication and access control on existing directories of user and group information (LDAP, Kerberos, or what-have-you). Any experience out there? In an ideal world, I'd love to have some sort of "external auth" mechanism that would be comparable to the current external processes, making it possible to implement authentication logic in any language / use whatever libraries are available. Any thoughts? Cheers, Tim -- Timothy M. Shead Sandia National Laboratories 1461, Scalable Analysis and Visualization