Posted to dev@couchdb.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/11/13 12:09:33 UTC
[jira] [Commented] (COUCHDB-2362) Have dev/run put the same cookie secret and hashed admin password in all three nodes of dev cluster
[ https://issues.apache.org/jira/browse/COUCHDB-2362?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14209589#comment-14209589 ]
ASF subversion and git services commented on COUCHDB-2362:
----------------------------------------------------------
Commit 6de6ca673c082f8c2c093e76f2834407b1ab0bed in couchdb's branch refs/heads/master from [~candeira]
[ https://git-wip-us.apache.org/repos/asf?p=couchdb.git;h=6de6ca6 ]
fixes COUCHDB-2362 admin and cookie auth in dev cluster
Ensure that the cookie secret is the same on all nodes.
When running the dev cluster with dev/run and the --admin option,
ensure that the hashed admin password is the same on all nodes.
Includes a copy of Armin Ronacher's pbkdf2.py:
- https://github.com/mitsuhiko/python-pbkdf2/blob/master/pbkdf2.py
> Have dev/run put the same cookie secret and hashed admin password in all three nodes of dev cluster
> ---------------------------------------------------------------------------------------------------
>
> Key: COUCHDB-2362
> URL: https://issues.apache.org/jira/browse/COUCHDB-2362
> Project: CouchDB
> Issue Type: Improvement
> Security Level: public(Regular issues)
> Components: BigCouch
> Reporter: Javier Candeira
>
> When starting a dev cluster with the --admin option:
> `dev/run -a candeira:candeira`
> the local.ini scripts get rebuilt with an extra [admin] section and the plaintext user = password line. This means that couchdb adds the hashed password instead of replacing it.
> In addition, the admin party fix only sets the user = password line in one of the cluster's nodes, which may create problems.
> The forthcoming patch will initialise all three nodes with the same hashed password, as per rnewson:
> 00:27 <+rnewson> so you need to ensure that the admin is the same on all nodes after hashing
> 00:28 <+rnewson> otherwise cookies won't work if you hop between nodes
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
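
An added illustration of the issue discussed above; it is not part of the original message and is not the dev/run code from the commit. It models why each node hashing the plaintext admin password on its own breaks cookie auth when a client hops between nodes. Assumptions not taken from this page: the `-pbkdf2-<key>,<salt>,<iterations>` string layout, the iteration count, the cookie MAC being keyed on secret plus salt, and all function names.

```python
import hashlib
import hmac
import os

NODES = ("node1", "node2", "node3")
ITERATIONS = 10  # assumed value for this sketch


def hash_admin_password(password, salt=None, iterations=ITERATIONS):
    """Return '-pbkdf2-<key>,<salt>,<iterations>' (assumed layout); random salt if none given."""
    salt = salt or os.urandom(16).hex()
    key = hashlib.pbkdf2_hmac("sha1", password.encode(), salt.encode(), iterations, dklen=20)
    return "-pbkdf2-%s,%s,%d" % (key.hex(), salt, iterations)


def build_node_configs(password, shared=True):
    """shared=True: one secret and one hash copied to every node.
    shared=False: every node makes its own secret and hashes the plaintext itself."""
    secret, hashed = os.urandom(16).hex(), hash_admin_password(password)
    if shared:
        return {n: {"secret": secret, "admin_hash": hashed} for n in NODES}
    return {n: {"secret": os.urandom(16).hex(),
                "admin_hash": hash_admin_password(password)} for n in NODES}


def _cookie_key(cfg):
    # Simplified model: the MAC key depends on the node secret and the password salt.
    salt = cfg["admin_hash"].split(",")[1]
    return (cfg["secret"] + salt).encode()


def sign_cookie(cfg, user, timestamp):
    msg = ("%s:%X" % (user, timestamp)).encode()
    return msg + b":" + hmac.new(_cookie_key(cfg), msg, hashlib.sha1).hexdigest().encode()


def verify_cookie(cfg, cookie):
    msg, _, mac = cookie.rpartition(b":")
    expected = hmac.new(_cookie_key(cfg), msg, hashlib.sha1).hexdigest().encode()
    return hmac.compare_digest(mac, expected)


def cookie_accepted_everywhere(configs, user="candeira"):
    """Sign on node1 (constructed timestamp), then verify on every node."""
    cookie = sign_cookie(configs["node1"], user, 1415880573)
    return all(verify_cookie(cfg, cookie) for cfg in configs.values())


if __name__ == "__main__":
    print("shared config:  ", cookie_accepted_everywhere(build_node_configs("candeira", True)))
    print("per-node hashes:", cookie_accepted_everywhere(build_node_configs("candeira", False)))
```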