14
1
I am getting a message when I start bitcoind :
Config options rpcuser and rpcpassword will soon be deprecated. Locally-run instances may remove rpcuser to use cookie-based auth, or may be replaced with rpcauth. Please see share/rpcuser for rpcauth auth generation
What is cookie based auth and how can I use it ?
Thanks
18
Cookie based authentication is used when no rpc password is provided. The 0.12 release of Bitcoin Core had the following to say about it:
When no -rpcpassword is specified, the daemon now uses a special ‘cookie’ file for authentication. This file is generated with random content when the daemon starts, and deleted when it exits. Its contents are used as authentication token. Read access to this file controls who can access through RPC. By default it is stored in the data directory but its location can be overridden with the option -rpccookiefile.
This is similar to Tor’s CookieAuthentication: see https://www.torproject.org/docs/tor-manual.html.en
This allows running bitcoind without having to do any manual configuration.
If all you use is bitcoin-cli without need for the RPC user/password stuff, you should probably just comment out or remove rpcuser=XXX and rpcpassword=YYY from bitcoin.conf and restart bitcoin. It "should just work [tm]".
If you need a specified rpc user/pass combo, you need to switch to using rpcauth instead of rpcuser/rpcpassword.
The rpcauth is described as
Username and hashed password for JSON-RPC connections. The field comes in the format:
<USERNAME>:<SALT>$<HASH>. A canonical python script is included in share/rpcuser. This option can be specified multiple times
In share/rpcuser (on github) there is a Python script which lets you create such a user/password combo (note that you are given the password, you do not get to specify it yourself).
Grab that python script, then run it. E.g.
$ python ./rpcuser.py foo
String to be appended to bitcoin.conf:
rpcauth=foo:a14191e6892facf70686a397b126423$ddd6f7480817bd6f8083a2e07e24b93c4d74e667f3a001df26c5dd0ef5eafd0d
Your password:
VX3z87LBVc_X7NBLABLABLABLA
Then replace rpcuser with foo and rpcpassword with VX3z87LBVc_X7NBLABLABLABLA wherever you are connecting to the bitcoind RPC.
1
In the recent version of Bitcoin Core, the name of script is rpcauth.py and its located in ./bitcoin/share/rpcauth/rpcauth.py (available on Bitcoin Core's github repository as well, share/rpcauth/rpcauth.py).
1
The http remote procedure call (RPC) interface enforces "basic access authentication". "Cookie-based" authentication is misleading because it doesn't actually use http cookies. The short story is that on startup if you don't otherwise specify credentials via rpcuser+rpcpassword, bitcoind will write a file named ".cookie" in the data directory with contents "__cookie__:abc123" where __cookie__ is the basic auth username and abc123 is a randomly generated password. On shutdown, bitcoind deletes the file.
"cookie" here isn't a reference to HTTP cookies, but to an authentication cookie, like for example X11 uses for authentication. I believe that use of the term cookie actually predates HTTP itself. – Pieter Wuille – 2018-11-22T11:12:02.513
@PieterWuille I believe that use of the term cookie actually predates computers themselves :p Whatever it may mean elsewhere, in the context of an http interface, "cookie" is most naturally interpreted as "http cookie". If you don't believe me, give a dozen developers an http URL, a file named ".cookie", and the statement "its contents are used as authentication token", and see how many try to put the contents into a "Cookie" header. See also https://bitcoin.stackexchange.com/questions/43769/using-php-with-rpc-and-cookie
I meant the term cookie specifically in the meaning of "a file in the local filesystem a client can read to obtain an authentication token for a server running on the same system". It may be confusing to people who aren't familiar with the concept, but it certainly isn't a misnomer - it's the established name for that concept. – Pieter Wuille – 2018-11-22T17:33:17.593
1
I was struggling with this same difficulty and managed to make it work. Obviously, bitcoin-cli must be made aware of credentials to use when making RPC calls, and I am guessing here that bitcoin-cli expects the credentials specified with variablies rpcuser and rpcpassword. However, these two variables are unnecessary to allow one to authenticate when making an RPC call via HTTP. So for bitcoin-cli's sake, bitcoind generates the .cookie file when rpcuser and rpcpassword are not defined in bitcoin.conf
Another thing I wanted to point out is that one can actually have a password of their choosing when using ./share/rpcauth/rpcauth.py to generate credentials. Simply pass to it two parameters as such ./share/rpcauth/rpcauth.py <username> <password> and you'll have it.
0
i solved this for my Node by following lines in the Bitcoin.cfg after i started the client ( not the QT) with
-rpcuser=mynamewhateveryounameit
and in the Config i wrote
Position of the Cookie = your Password) rpccookiefile=D:\Bitcoin\wallet.cookie
allow not needed i guess for you are allways free to connect in your network but i did it anyway rpcallowip=127.0.0.1
connection to the python proxy ( i use python-bitcoinrpc-master, much better then Python only
from bitcoinrpc.authproxy import AuthServiceProxy
And thats all for the reason that it soon will be impossible to set your password or Username in the Config file. dont know why, but it is like it is
For the record, the script
rpcauth.pyonly works with python3. – Thalis K. – 2019-07-28T11:27:25.880Also you can give the password to
rpcauth.pyyourself by running it aspython3 /path/to/rpcauth.py myusername -. The final-means the script will prompt you for the password. Works with bitcoin-core v0.18. – Thalis K. – 2019-07-28T11:33:33.0531I tried to do this, but when I removed rpcuser and rpcpassword from bitcoin.conf I started to get this message: No rpcpassword set - using random cookie authentication Generated RPC authentication cookie. I added rpcauth generated by rpcuser.py but it doesn't seem to recognize it. What am I missing? – hsmiths – 2018-01-13T20:22:07.173
@hsmiths You can use the randomly generated cookie file in the bitcoin data directory, or you can add an rpcauth line to bitcoin.conf. Not sure why the rpcauth line isn't recognized. I've used it in the past. – Kalle – 2018-01-15T02:19:31.140
@hsmiths Yor message 'No PRC password set...' is actually a message that says cookie auth is working. – Willtech – 2018-01-29T10:54:43.437
1This doesn't actually describe how to use "cookie-based" authentication. Instead it describes how to use "rpcauth", which was not the question. This should not be the "accepted" answer. – chrisarnesen – 2018-11-15T04:10:42.217