Authentication
To access Couchbase Server, users must be authenticated. Authentication is a process for identifying who is attempting to access a system. Subsequent to successful authentication, authorization can be performed, whereby the user’s appropriate access-level is determined.
Authentication can be performed by means of a username and password, assigned to each administrator or application. Authentication can also be performed by means of X.509 Certificates: these support Transport Layer Security, by establishing the identity of a client or server through digital signatures. They also provide keys to support on-the-wire encryption, according to the conventions of Public Key Infrastructure (PKI).
Couchbase Server assigns each user to one of two authentication domains: the local domain consisting of users whose credentials are maintained by Couchbase Server itself; the external domain consisting of users whose credentials are maintained remotely — for example, on an LDAP server or a SAML IdP.
For detailed information on these topics, see:
-
Understanding Authentication, which provides an overview of all the key aspects of Couchbase authentication.
-
Usernames and Passwords, which lists the conventions whereby usernames and passwords can be designed and passed by administrators and applications.
-
Authentication Domains, which contains full explanations of the local and external authentication domains supported by Couchbase Server.
-
Certificates, which provides a detailed overview of how certificates are supported by Couchbase Server, for the authentication of clusters, nodes, and client applications.