mod_python config docu incomplete for user authentication

[Volker <volker@…>]

wiki/TracModPython#ConfiguringAuthentication outlines how to set up user authentication with apache mod_python, but it doesn't say how to do this for what I would have expected to be the most common case - allow anyone to browse tickets, but only allow logged-in users to edit pages and tickets.

In addition to the apache directives already given in the wiki, these are required (there may still be more paths missing besides login and prefs):

<Location /trac/>
  Satisfy any
</Location>
<LocationMatch /trac/[^/]*/(login|prefs)>
  Require valid-user
  Satisfy all
</LocationMatch>

Could this be added to 0.11 final, please?

[Noah Kantrowitz]

This is actually not the correct way to do authentication, but the new install guide ​has a section on Apache authentication.

[Volker <volker@…>]

Thanks for the pointer, but could you elaborate on how the authentication shown there is different? The only difference I can see is that the Satisfy directives aren't needed.

This ticket was also for a problem with the documentation shipped with 0.11. It is incomplete in this point. More importantly (I didn't mention this before) it hasn't been updated for 0.11 in many places. One strong part about trac is the included documentation (TracGuide), which is not so accurate for 0.11.

[Noah Kantrowitz]

One, you do not show any actual authentication config (you probably have it at a higher URL component, which is why you need the Satisfy directives). Two, users do not need to login to use the preferences system, it is designed with anonymous users in mind and will work just as well in either case. That snippet may work fine in your specific situation, but it is not the generic way to do things.

Much of the install documentation for 0.11 is currently horrible, this is why we are rewriting it more or less from scratch.