Opened 18 years ago
Closed 14 years ago
#2417 closed enhancement (wontfix)
Customizable trac_auth cookie domain
| Reported by: | Owned by: | Jonas Borgström | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | web frontend | Version: | devel |
| Severity: | normal | Keywords: | authentication trac_auth domain needfixup |
| Cc: | lm@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
We're using Kerberos over HTTP Basic authentication with Trac. To reduce the CPU load on the Web server we'd like to redirect to SSL only for the authentication request, then go back to regular HTTP otherwise. We can do this with Apache directives, but the cookie is not used by the non-SSL server (which has a different hostname, per university policy). I ended up having to hack web/auth.py to add in LoginModule._do_login:
req.outcookie['trac_auth']['domain'] = 'acm.uiuc.edu'
With that, everything seems to work, but it'd be nice to be able to have a trac.ini setting for 'cookie domain'.
Attachments (1)
Change History (10)
comment:1 by , 17 years ago
| Keywords: | authentication added |
|---|
comment:2 by , 17 years ago
Look at tracforge.linker.auth.CookieMunger for an example of doing this in a plugin. Not pretty, but it works.
comment:3 by , 17 years ago
| Keywords: | consider added |
|---|---|
| Milestone: | → 0.12 |
comment:4 by , 16 years ago
As the solution to address the initial bug report is quite simple I suggest to address this in trac instead of moving this to a plugin.
It's required to sent a domain if one is set in trac.ini. Else trac behaves as before. Therefore there is no risk to break existing installations.
Please consider to merge the patch to the upcoming 0.11 release.
by , 16 years ago
| Attachment: | auth.py.diff added |
|---|
Check the trac.ini for a trac_auth section to get the domain.
comment:5 by , 16 years ago
The check if the length of the domain string from the environment is greater than zero was added to prevent the system from setting an superfluous and maybe different behavior causing empty variable.
I'm not sure if this is required.
From my point of view this doesn't harm as the operation is cheap and not performed that often,
comment:6 by , 16 years ago
| Cc: | added |
|---|
A reference to this defect was added to the Novell bugzilla system for the openSUSE product. See https://bugzilla.novell.com/show_bug.cgi?id=344775
comment:7 by , 14 years ago
| Keywords: | needfixup added; consider removed |
|---|
Would be nice to expand the patch with defining an Option, with appropriate documentation.
comment:8 by , 14 years ago
Three years later and openslx doesn't longer use track. Therefore I can't test your suggested change. Nevertheless thanks you and the trac project for your support!
comment:9 by , 14 years ago
| Component: | general → web frontend |
|---|---|
| Keywords: | trac_auth domain added |
| Milestone: | next-major-0.1X |
| Resolution: | → wontfix |
| Status: | new → closed |
Thank you for the feedback!
In those 3 years, it also seems that no one else has got a similar need (or they remained silent and just used the patch ;-) ), so I'm now closing as wontfix.
However, if someone else has a similar need, feel free to refresh the patch as requested and then reopen.
Not sure this is going to make it into trunk because it is too specific a problem. Can it be solved with a plugin?
wontfix?