incubator-couchdb-user mailing list archives

From Andy Wenk <andyw...@apache.org>
Subject Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Date Thu, 21 Aug 2014 12:58:39 GMT
... or better help and vote on the release 1.6.1

http://markmail.org/search/?q=list%3Aorg.apache.couchdb-dev+1.6.1#query:list%3Aorg.apache.couchdb-dev%201.6.1+page:1+mid:qae64n7x257xs7am+state:results

:)


On 21 August 2014 14:40, Alexander Shorin <kxepal@gmail.com> wrote:

> or just wait for a while for 1.6.1 release with the bugfix.
> --
> ,,,^..^,,,
>
>
> On Thu, Aug 21, 2014 at 4:33 PM, James Dingwall
> <james.dingwall@zynstra.com> wrote:
> > Alexey Elfman wrote:
> >>
> >> Hello.
> >>
> >> I've been experiencing troubles after upgrade to 1.6.0.
> >> After short investigation, I realized that the troubles are with admin
> >> users with hashed password (not pbkdf) in locals.ini file.
> >>
> >> Users with hashed password are experiencing 403 error accessing couchdb
> >> 1.6.0 (all previous versions work fine). Error text isn't helpful:
> >> "{"error":"forbidden","reason":"doc.type must be user"}"
> >>
> >> So, my recommendation is to reset password before upgrade (it will
> >> become in pbkdf format).
> >>
> >> This trouble (breaking change?) was not covered in change log for 1.6.0,
> >> so, maybe, my message will be helpful for somebody.
> >>
> > This was a bug in the 1.6.0 release.  You can apply a patch to the
> > source to solve the problem.
> >
> > Regards,
> > James
> >
> > cat << EOF | patch src/couchdb/couch_passwords.erl
> > --- src/couchdb/couch_passwords.erl.orig        2014-07-26
> > 17:53:22.624015000 +0000
> > +++ src/couchdb/couch_passwords.erl     2014-07-26 17:54:10.524015000
> +0000
> > @@ -26,7 +26,9 @@
> >      ?l2b(couch_util:to_hex(crypto:sha(<<Password/binary,
> Salt/binary>>))).
> >
> >  %% CouchDB utility functions
> > --spec hash_admin_password(binary()) -> binary().
> > +-spec hash_admin_password(binary() | list()) -> binary().
> > +hash_admin_password(ClearPassword) when is_list(ClearPassword) ->
> > +    hash_admin_password(?l2b(ClearPassword));
> >  hash_admin_password(ClearPassword) when is_binary(ClearPassword) ->
> >      Iterations = couch_config:get("couch_httpd_auth", "iterations",
> > "10000"),
> >      Salt = couch_uuids:random(),
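Review bot: The new `is_list` clause of `hash_admin_password/1` converts its argument with `?l2b`; if that macro is plain `list_to_binary/1`, a string containing code points above 255 raises `badarg` there instead of being hashed, so consider `unicode:characters_to_binary/1` or a comment stating that callers only pass byte lists. The widened spec `binary() | list()` would be more precise as `binary() | string()`, and the hunk does not say which caller passes a list, so a one-line comment naming that code path would help the next reader.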
> > EOF
> >
>



-- 
Andy Wenk
Hamburg - Germany
RockIt!

GPG fingerprint: C044 8322 9E12 1483 4FEC 9452 B65D 6BE3 9ED3 9588

 https://people.apache.org/keys/committer/andywenk.asc
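
The advice in the quoted message (reset old-style hashed admin passwords before upgrading) can be checked ahead of time. The following is an added example, not part of the original thread or of CouchDB: it lists which `[admins]` entries in an ini file are still stored in the old `-hashed-` form. The value formats `-hashed-<sha1 hex>,<salt>` and `-pbkdf2-<key>,<salt>,<iterations>` are an assumption about CouchDB 1.x that the thread does not show, and the function names and sample config are constructed.

```python
import configparser
import re

# Constructed sample: admin names, hashes and salts are made up for illustration.
SAMPLE_INI = """\
[couchdb]
uuid = 00000000000000000000000000000000

[admins]
alice = -hashed-0123456789abcdef0123456789abcdef01234567,aabbccddeeff00112233445566778899
bob = -pbkdf2-89abcdef0123456789abcdef0123456789abcdef,00112233445566778899aabbccddeeff,10000
carol = not-yet-hashed-secret
"""

# Assumed value formats for the [admins] section (not shown in the thread).
LEGACY = re.compile(r"-hashed-[0-9a-f]{40},[0-9a-f]+")
PBKDF2 = re.compile(r"-pbkdf2-[0-9a-f]+,[0-9a-f]+,\d+")


def classify(value):
    """Return the storage scheme of one [admins] value."""
    if LEGACY.fullmatch(value):
        return "legacy-sha1"
    if PBKDF2.fullmatch(value):
        return "pbkdf2"
    if value.startswith(("-hashed-", "-pbkdf2-")):
        return "malformed"  # has a scheme prefix but does not parse
    return "plaintext"      # matches neither hashed form


def audit_admins(ini_text):
    """Map each admin name in the ini text to its password storage scheme."""
    parser = configparser.RawConfigParser()  # no % interpolation of values
    parser.optionxform = str                 # keep admin names case-sensitive
    parser.read_string(ini_text)
    if not parser.has_section("admins"):
        return {}
    return {name: classify(value.strip()) for name, value in parser.items("admins")}


def legacy_admins(ini_text):
    """Names of admins whose password should be reset before upgrading."""
    return sorted(n for n, kind in audit_admins(ini_text).items() if kind == "legacy-sha1")


if __name__ == "__main__":
    print(legacy_admins(SAMPLE_INI))
```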
