Create Users and Configure CouchDB security
Create a password and salt, something equivalent to this:
max@nolugar:~$ SALT=`openssl rand 16 | openssl md5`
max@nolugar:~$ echo salt=$SALT
salt=(stdin)= 86228f1f8f2fe7ac836114280a48dff8
max@nolugar:~$ echo -n "foobar86228f1f8f2fe7ac836114280a48dff8" | openssl sha1
(stdin)= 348bed8359dcedd08204ad9c0cd14ae541920dfc
max@nolugar:~$ cat >> leap_web.user.json
{
"_id" : "org.couchdb.user:leap_web",
"type" : "user",
"name" : "leap_web",
"roles" : ["certs"],
"password_sha" : "348bed8359dcedd08204ad9c0cd14ae541920dfc",
"salt" : "86228f1f8f2fe7ac836114280a48dff8"
}
Let's create the user:
max@nolugar:~$ HOST="http://127.0.0.1:5984"
max@nolugar:~$ curl -X PUT $HOST/_users/org.couchdb.user:leap_web --data @leap_web.user.json
{"ok":true,"id":"org.couchdb.user:leap_web","rev":"1-8374cf9032a960ea3e49fd04e0851539"}
Let's set the security for the leap_web db.
max@nolugar:~$ cat >> leap_web.security.json
{
"admins" : {
"names" : [],
"roles" : []
},
"readers" : {
"names" : ["leap_web"],
"roles" : []
}
}
max@nolugar:~$ curl -X PUT $HOST/leap_web/_security --data @leap_web.security.json
{"ok":true}
Now create another user like above with the name leap_ca and the role certs. Afterwards we can allow both users to access the certs db by granting read access to the certs role:
max@nolugar:~$ cat >> certs.security.json
{
"admins" : {
"names" : [],
"roles" : []
},
"readers" : {
"names" : [],
"roles" : ["certs"]
}
}
max@nolugar:~$ curl -X PUT $HOST/leap_web_certs/_security --data @certs.security.json
{"ok":true}
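The steps above, as an added example that is not part of the original page: it reproduces the CouchDB 1.x salted-SHA-1 user document (password_sha = sha1(password + salt)) and the two _security documents, and adds a constant-time check of a candidate password against a stored user doc. Function names and the use of Python's hashlib instead of openssl are my choices; the salt and hash values are the ones from the page.

```python
import hashlib
import hmac
import json
import secrets


def new_salt():
    """16 random bytes as 32 hex characters, like the openssl rand/md5 step."""
    return secrets.token_hex(16)


def password_sha(password, salt):
    """CouchDB 1.x user-doc hash: SHA-1 over password concatenated with salt, hex encoded."""
    return hashlib.sha1((password + salt).encode("utf-8")).hexdigest()


def user_doc(name, password, roles, salt=None):
    """Build the org.couchdb.user:<name> document; a fresh salt is drawn if none is given."""
    salt = salt or new_salt()
    return {
        "_id": "org.couchdb.user:" + name,
        "type": "user",
        "name": name,
        "roles": list(roles),
        "password_sha": password_sha(password, salt),
        "salt": salt,
    }


def security_doc(reader_names=(), reader_roles=()):
    """_security object with no admins and the given reader names/roles, as on this page."""
    return {
        "admins": {"names": [], "roles": []},
        "readers": {"names": list(reader_names), "roles": list(reader_roles)},
    }


def check_password(doc, candidate):
    """Verify a candidate password against a stored user doc using a constant-time compare."""
    return hmac.compare_digest(password_sha(candidate, doc["salt"]), doc["password_sha"])


if __name__ == "__main__":
    # Constructed input: the page's leap_web user with its salt, plus both _security docs.
    doc = user_doc("leap_web", "foobar", ["certs"], salt="86228f1f8f2fe7ac836114280a48dff8")
    print(json.dumps(doc, indent=2))                                   # PUT to $HOST/_users/org.couchdb.user:leap_web
    print(json.dumps(security_doc(reader_names=["leap_web"]), indent=2))  # PUT to $HOST/leap_web/_security
    print(json.dumps(security_doc(reader_roles=["certs"]), indent=2))     # PUT to $HOST/leap_web_certs/_security
```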
The usernames and passwords of these users need to go into config/couchdb.yaml of leap_web and leap_ca respectively:
leap_web:
production:
  protocol: 'http'
  host: 'localhost'
  port: 5984
  prefix: leap_web
  suffix: ''
  username: leap_web
  password: foobar
leap_ca:
production:
  protocol: 'http'
  host: 'localhost'
  port: 5984
  prefix: leap_web
  suffix: ''
  username: leap_ca
  password: ...
(from redmine: created on 2012-10-18, relates #1867 (closed), relates #2173 (closed), duplicates #642 (closed))