Found an interesting bug? If I can call it that.
Seems the cluster.authenticate gives you an error, if you provide a username, which happens to be the same as the username you use to login into your CouchBase Admin console ( via http://localhost:8091 )
This is what you get: "CouchbaseError: Authentication failed. You may have provided an invalid username/password combination"
Any other username does work, of course. You apparently can’t use the same name as your normal login, probably because its somehow stored in the Authentication as well.
Can the CouchBase team perhaps throw out a different error? Or at least put it somewhere in the documentation.
It’s pretty standard to not leak why an authentication failed - i.e. a system providing authentication won’t tell you if you the username was correct but password was incorrect; as that tells an attacker that a given username does (or doesn’t exist).
If you upgraded your server from “an old version” of Couchbase (prior to SCRAM support), ns_server only had the hashed password for Administrator and couldn’t generate the “sha” entries in there. You can try to reset the Administrator password to have ns_server regenerate the entry for Administrator.
Definitely. I was thinking the same thing after I wrote it. But it should at least be mentioned in the docs somewhere. That was the point I was trying to make. Because I can imagine lots of new developers trying out Couchbase and this might be the first issue they bump against. ( and its not mentioned anywhere that if you use the exact same name as your login, that the authentication will fail )