| 35 | | (will write this chunk shortly...) |
| | 35 | This method of authentication allows unauthenticated users to see and to make (limited) changes to the Trac system. Authenticated users have a bit more access. To login you click on the ''Login'' entry on the top menubar; after authentication you are given a cookie which is used for authorization and access control. |
| | 36 | |
| | 37 | To do this you need to control access to the {{{login}}} name under the Traq system, so for the example above you would change the configuration to:- |
| | 38 | {{{ |
| | 39 | <Location /trac> |
| | 40 | ... extra directives to invoke trac |
| | 41 | ... - ie ScriptAlias or mod_python stuff |
| | 42 | </Location> |
| | 43 | <Location /trac/login> |
| | 44 | AuthType Basic |
| | 45 | AuthName "trac" |
| | 46 | AuthUserFile /var/www/db/passwd |
| | 47 | Require valid-user |
| | 48 | </Location> |
| | 49 | }}} |
| | 50 | |
| | 51 | == Issues == |
| | 52 | |
| | 53 | You really do want your subversion repository to be using the same names as the Trac authentication names so that labelling of changesets matches with names assigned to tickets etc. This means there is a great advantage in using DAV access to the subversion database and sharing the authentication (password) files between Trac and the WebDAV areas (maybe using group access to give a subset of the users access to the subversion database), although this can be done in other ways. |
| | 54 | |
| | 55 | In the authentication methods shown here the password travels in clear over the network. You can use Digest authentication to prevent the clear text password going over the network, but this can still be sniffed and replayed. If you require greater security then you really ''should'' use SSL for encryption, or another means of access control. |
