Merge pull request #6388

0937290 doc: mention RPC random cookie authentication in release notes (Wladimir J. van der Laan) 71cbeaa rpc: Implement random-cookie based authentication (Wladimir J. van der Laan)
author: Wladimir J. van der Laan <laanwj@gmail.com> 2015-07-14 13:05:35 +0200
committer: Wladimir J. van der Laan <laanwj@gmail.com> 2015-07-14 13:06:01 +0200
commit: fd5dfda9396968346edcf1f5ddf946d63e797554 (patch)
tree: d45ba1bce0c7994fa496731577782304a342b6bf /doc
parent: bb59e7890cb45f71192c1a4bc0268618d2f6075e (diff)
parent: 093729055358ecf155b74ce1b2870d3eb9064355 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/doc/release-notes.md b/doc/release-notes.md
index 6bb8587d78..d5ac70380f 100644
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@@ -4,6 +4,21 @@ release-notes at release time)
 Notable changes
 ===============
 
+Random-cookie RPC authentication
+---------------------------------
+
+When no `-rpcpassword` is specified, the daemon now uses a special 'cookie'
+file for authentication. This file is generated with random content when the
+daemon starts, and deleted when it exits. Its contents are used as
+authentication token. Read access to this file controls who can access through
+RPC. By default it is stored in the data directory but its location can be
+overridden with the option `-rpccookiefile`.
+
+This is similar to Tor's CookieAuthentication: see
+https://www.torproject.org/docs/tor-manual.html.en
+
+This allows running bitcoind without having to do any manual configuration.
+
 Example header
 ----------------------
author	Wladimir J. van der Laan <laanwj@gmail.com>	2015-07-14 13:05:35 +0200
committer	Wladimir J. van der Laan <laanwj@gmail.com>	2015-07-14 13:06:01 +0200
commit	fd5dfda9396968346edcf1f5ddf946d63e797554 (patch)
tree	d45ba1bce0c7994fa496731577782304a342b6bf /doc
parent	bb59e7890cb45f71192c1a4bc0268618d2f6075e (diff)
parent	093729055358ecf155b74ce1b2870d3eb9064355 (diff)