Posted to dev@couchdb.apache.org by Dave Cottlehuber <dc...@jsonified.com> on 2014/08/21 15:08:38 UTC

Re: old-style (hashed) passwords for admin are broken in 1.6.0?

 
> On Thu, Aug 21, 2014 at 4:33 PM, James Dingwall  
> wrote:  
> > Alexey Elfman wrote:  
> >>  
> >> Hello.  
> >>  
> >> I'm experiencing troubles after upgrade to 1.6.0.  
> >> After short investigation, I realized, that troubles are with admin users  
> >> with hashed password (not pbkdf) in locals.ini file.  
> >>  
> >> Users with hashed passwords are experiencing a 403 error accessing CouchDB 1.6.0  
> >> (all previous versions work fine). Error text isn't helpful:  
> >> "{"error":"forbidden","reason":"doc.type must be user"}"  
> >>  
> >> So, my recommendation is to reset password before upgrade (it will become  
> >> in pbkdf format).  
> >>  
> >> This trouble (breaking change?) was not covered in change log for 1.6.0,  
> >> so, maybe, my message will be helpful for somebody.  
> >>  
> > This was a bug in the 1.6.0 release. You can apply a patch to the source to  
> > solve the problem.  
> >  
> > Regards,  
> > James  


Thanks for reporting this Alexey, unless I’m missing something, this seems to be a
*different* problem, I’ve struck this too this morning.

Alexey - what version of CouchDB were you running prior?

repro:

- install 1.2.1
- create admin, bdmin users via futon
- remove old binaries etc `rm -rf bin share lib`
  only dbs and .ini files remain (apart from log uri etc)
- install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix)
- try to log in using admin or bdmin via futon

See https://dpaste.de/XRfY for more details.

CC’ing dev.

—
Dave Cottlehuber
dch@jsonified.com
Sent from my Couch
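
An added example, not part of the thread and not CouchDB project code: a pre-upgrade check that lists which `[admins]` entries in an ini file are stored in the old hashed form rather than PBKDF2, following the reset-before-upgrade recommendation quoted above. It assumes the `-hashed-` and `-pbkdf2-` value prefixes CouchDB writes into that section; the function names and the sample file are constructed for illustration.

```python
import configparser
import re

# Constructed sample; hash and salt values are placeholders, not real credentials.
SAMPLE_LOCAL_INI = """\
[admins]
admin = -hashed-0123456789abcdef0123456789abcdef01234567,00112233445566778899aabbccddeeff
bdmin = -pbkdf2-89abcdef0123456789abcdef0123456789abcdef,ffeeddccbbaa99887766554433221100,10
cdmin = not-yet-hashed-example
"""

SHA1_HEX = re.compile(r"^[0-9a-f]{40}$")
HEX = re.compile(r"^[0-9a-f]+$")


def classify(value):
    """Name the storage scheme of one [admins] value."""
    if value.startswith("-hashed-"):
        # Old style (assumed layout): -hashed-<sha1 hex>,<salt>
        fields = value[len("-hashed-"):].split(",")
        ok = len(fields) == 2 and SHA1_HEX.match(fields[0]) and fields[1]
        return "legacy-sha1" if ok else "malformed"
    if value.startswith("-pbkdf2-"):
        # New style (assumed layout): -pbkdf2-<derived key hex>,<salt>,<iterations>
        fields = value[len("-pbkdf2-"):].split(",")
        ok = (len(fields) == 3 and HEX.match(fields[0])
              and fields[1] and fields[2].isdigit())
        return "pbkdf2" if ok else "malformed"
    return "plaintext"  # no scheme prefix: value is stored unhashed


def audit_admins(ini_text):
    """Map each admin name in the [admins] section to its scheme."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep user names case-sensitive
    parser.read_string(ini_text)
    if not parser.has_section("admins"):
        return {}
    return {u: classify(v.strip()) for u, v in parser.items("admins")}


def needs_reset(ini_text):
    """Admins whose entry is not PBKDF2 (candidates for a password reset)."""
    return sorted(u for u, s in audit_admins(ini_text).items() if s != "pbkdf2")


if __name__ == "__main__":
    print(audit_admins(SAMPLE_LOCAL_INI), needs_reset(SAMPLE_LOCAL_INI))
```
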



Re: old-style (hashed) passwords for admin are broken in 1.6.0?

Posted by Alexander Gabriel <al...@barbalex.ch>.
+A

;-)



2014-08-21 22:44 GMT+02:00 Robert Samuel Newson <rn...@apache.org>:

> and the fix is:
> https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=5e46f3b
>
>
> On 21 Aug 2014, at 14:55, Dave Cottlehuber <dc...@jsonified.com> wrote:
>
> >> Thanks for reporting this Alexey, unless I’m missing something, this seems to be a
> >> *different* problem, I’ve struck this too this morning.
> >>
> >> Alexey - what version of CouchDB were you running prior?
> >
> > BTW I logged https://issues.apache.org/jira/browse/COUCHDB-2299 for this & we’ll hold 1.6.1 to get a fix in. Further info please add to the jira ticket!
> >
> > A+
> > Dave
> >
>
>

Re: old-style (hashed) passwords for admin are broken in 1.6.0?

Posted by Robert Samuel Newson <rn...@apache.org>.
and the fix is: https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=5e46f3b


On 21 Aug 2014, at 14:55, Dave Cottlehuber <dc...@jsonified.com> wrote:

>> Thanks for reporting this Alexey, unless I’m missing something, this seems to be a 
>> *different* problem, I’ve struck this too this morning.  
>> 
>> Alexey - what version of CouchDB were you running prior?  
> 
> BTW I logged https://issues.apache.org/jira/browse/COUCHDB-2299 for this & we’ll hold 1.6.1 to get a fix in. Further info please add to the jira ticket!
> 
> A+
> Dave
> 


Re: old-style (hashed) passwords for admin are broken in 1.6.0?

Posted by Dave Cottlehuber <dc...@jsonified.com>.
> Thanks for reporting this Alexey, unless I’m missing something, this seems to be a 
> *different* problem, I’ve struck this too this morning.  
>  
> Alexey - what version of CouchDB were you running prior?  

BTW I logged https://issues.apache.org/jira/browse/COUCHDB-2299 for this & we’ll hold 1.6.1 to get a fix in. Further info please add to the jira ticket!

A+
Dave