To access Couchbase Server, users must be authenticated. Authentication is a process for identifying who is attempting to access a system. Subsequent to successful authentication, authorization can be performed, whereby the user’s appropriate access-level is determined.
Authentication can be performed by means of a username and password, assigned to each administrator or application. Authentication can also be performed by means of X.509 Certificates: these support Transport Layer Security, by establishing the identity of a client or server through digital signatures. They also provide keys to support on-the-wire encryption, according to the conventions of Public Key Infrastructure (PKI).
Couchbase Server assigns each user to one of two authentication domains: the local domain consisting of users whose credentials are maintained by Couchbase Server itself; the external domain consisting of users whose credentials are maintained remotely — for example, on an LDAP server.
For detailed information on these topics, see:
Understanding Authentication, which provides an overview of all the key aspects of Couchbase authentication.
Usernames and Passwords, which lists the conventions whereby usernames and passwords can be designed and passed by administrators and applications.
Authentication Domains, which contains full explanations of the local and external authentication domains supported by Couchbase Server.
Certificates, which provides a detailed overview of how certificates are supported by Couchbase Server, for the authentication of clusters, nodes, and client applications.