[
https://issues.apache.org/jira/browse/COUCHDB-2343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14153219#comment-14153219
]
Robert Newson commented on COUCHDB-2343:
----------------------------------------
note that it's specifically that the 'salt' value is generated at each site and
used in the cookie verification. So basic auth will work, but cookie auth fails
if you bounce around the cluster.
> /_config/admins/username fails on master
> ----------------------------------------
>
> Key: COUCHDB-2343
> URL: https://issues.apache.org/jira/browse/COUCHDB-2343
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: HTTP Interface
> Affects Versions: 2.0.0
> Reporter: Joan Touzet
> Priority: Blocker
> Labels: auth
>
> In a multi-node setup, calling _config/admins/username to create an admin
> user fails to correctly configure a cluster with a new administrator. This
> fails for two reasons:
> 1) The call is only processed on a single node, and the admin entry is not
> replicated
> 2) Even if the call is repeated on all nodes manually, the hashes will be
> different on each node, which will cause cookie failure when attempting to
> authenticate via other machines.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
