incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Cottlehuber <...@jsonified.com>
Subject Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Date Thu, 21 Aug 2014 13:08:38 GMT
 
> On Thu, Aug 21, 2014 at 4:33 PM, James Dingwall  
> wrote:  
> > Alexey Elfman wrote:  
> >>  
> >> Hello.  
> >>  
> >> I've experiencing troubles after upgrade to 1.6.0.  
> >> After short investigation, I realized, that troubles are with admin users  
> >> with hashed password (not pbkdf) in locals.ini file.  
> >>  
> >> Users with hashed password experiencing 403 error accessing couchdb 1.6.0  
> >> (all previous versions work fine). Error text isn't helpfull:  
> >> "{"error":"forbidden","reason":"doc.type must be user"}"  
> >>  
> >> So, my recommendation is to reset password before upgrade (it will become  
> >> in pbkdf format).  
> >>  
> >> This trouble (breaking change?) was not covered in change log for 1.6.0,  
> >> so, may be, my message will be helpfull for somebody.  
> >>  
> > This was a bug in the 1.6.0 release. You can apply a patch to the source to  
> > solve the problem.  
> >  
> > Regards,  
> > James  


Thanks for reporting this Alexey, unless I’m missing something, this seems to be a
*different* problem, I’ve struck this too this morning.

Alexey - what version of CouchDB were you running prior?

repro:

- install 1.2.1
- create admin, bdmin users via futon
- remove old binaries etc `rm -rf bin share lib`
  only dbs and .ini files remain (apart from log uri etc)
- install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix)
- try to log in using admin or bdmin via futon

See https://dpaste.de/XRfY for more details.

CC’ing dev.

—
Dave Cottlehuber
dch@jsonified.com
Sent from my Couch



Mime
View raw message