You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by Dave Cottlehuber <dc...@jsonified.com> on 2014/08/21 15:08:38 UTC
Re: old-style (hashed) passwords for admin are broken in 1.6.0?
> On Thu, Aug 21, 2014 at 4:33 PM, James Dingwall
> wrote:
> > Alexey Elfman wrote:
> >>
> >> Hello.
> >>
> >> I've experiencing troubles after upgrade to 1.6.0.
> >> After short investigation, I realized, that troubles are with admin users
> >> with hashed password (not pbkdf) in locals.ini file.
> >>
> >> Users with hashed password experiencing 403 error accessing couchdb 1.6.0
> >> (all previous versions work fine). Error text isn't helpfull:
> >> "{"error":"forbidden","reason":"doc.type must be user"}"
> >>
> >> So, my recommendation is to reset password before upgrade (it will become
> >> in pbkdf format).
> >>
> >> This trouble (breaking change?) was not covered in change log for 1.6.0,
> >> so, may be, my message will be helpfull for somebody.
> >>
> > This was a bug in the 1.6.0 release. You can apply a patch to the source to
> > solve the problem.
> >
> > Regards,
> > James
Thanks for reporting this Alexey, unless I’m missing something, this seems to be a
*different* problem, I’ve struck this too this morning.
Alexey - what version of CouchDB were you running prior?
repro:
- install 1.2.1
- create admin, bdmin users via futon
- remove old binaries etc `rm -rf bin share lib`
only dbs and .ini files remain (apart from log uri etc)
- install 1.6.0 (or 1-rc.3 with the fix for the raw/unhashed password fix)
- try to log in using admin or bdmin via futon
See https://dpaste.de/XRfY for more details.
CC’ing dev.
—
Dave Cottlehuber
dch@jsonified.com
Sent from my Couch
Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Posted by Alexander Gabriel <al...@barbalex.ch>.
+A
;-)
2014-08-21 22:44 GMT+02:00 Robert Samuel Newson <rn...@apache.org>:
> and the fix is:
> https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=5e46f3b
>
>
> On 21 Aug 2014, at 14:55, Dave Cottlehuber <dc...@jsonified.com> wrote:
>
> >> Thanks for reporting this Alexey, unless I’m missing something, this
> seems to be a
> >> *different* problem, I’ve struck this too this morning.
> >>
> >> Alexey - what version of CouchDB were you running prior?
> >
> > BTW I logged https://issues.apache.org/jira/browse/COUCHDB-2299 for
> this & we’ll hold 1.6.1 to get a fix in. Further info please add to the
> jira ticket!
> >
> > A+
> > Dave
> >
>
>
Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Posted by Robert Samuel Newson <rn...@apache.org>.
and the fix is: https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=5e46f3b
On 21 Aug 2014, at 14:55, Dave Cottlehuber <dc...@jsonified.com> wrote:
>> Thanks for reporting this Alexey, unless I’m missing something, this seems to be a
>> *different* problem, I’ve struck this too this morning.
>>
>> Alexey - what version of CouchDB were you running prior?
>
> BTW I logged https://issues.apache.org/jira/browse/COUCHDB-2299 for this & we’ll hold 1.6.1 to get a fix in. Further info please add to the jira ticket!
>
> A+
> Dave
>
Re: old-style (hashed) passwords for admin are broken in 1.6.0?
Posted by Dave Cottlehuber <dc...@jsonified.com>.
> Thanks for reporting this Alexey, unless I’m missing something, this seems to be a
> *different* problem, I’ve struck this too this morning.
>
> Alexey - what version of CouchDB were you running prior?
BTW I logged https://issues.apache.org/jira/browse/COUCHDB-2299 for this & we’ll hold 1.6.1 to get a fix in. Further info please add to the jira ticket!
A+
Dave