It's also the sort of thing one would expect in a Debian postinst via Dialog.
B. On 17 August 2011 17:04, Benoit Chesneau <bchesn...@gmail.com> wrote: > On Wednesday, August 17, 2011, Jason Smith <j...@iriscouch.com> wrote: >> On Wed, Aug 17, 2011 at 10:22 PM, Robert Newson <rnew...@apache.org> > wrote: >>> Jason, >>> >>> The --set-password thing is to ensure there are no plaintext passwords >>> in the first place, which eliminates the oddness of couch rewriting a >>> plaintext pwd to a digested pwd (and putting the output in a different >>> file). >> >> Thanks for the clarification. >> >> If you can read a plaintext password from an .ini file, then you can >> hit the HTTP API as the admin and make changes to the couch. So that >> is privilege escalation. >> >> To answer Benoit's question, it is simpler to tell admins to use the >> HTTP API (or Futon) to create the admin account. The password is >> stored *somewhere* under the hood. IMHO it is less simple to add a >> command-line tool as a requirement (or worse, as an alternative >> option) to deploy Couch. >> >> -- > it all depends if you admin via a console. > > couchctl set-password username is a way easier than curl -XPUT > http://blah/_users -D... -H... . at the end if you are a good admin you > will write this script. providing useful helpere don't break the kiss way > here. > > benoît >
