|Version 1 (modified by 16 years ago) ( diff ),|
Introduction to Authentication for Trac
|This is a work in progress document - and is written by someone who has been working this stuff out, rather than an expert. Please feel free to add clarifications, corrections and additions|
The basic idea is that Trac itself does not do authentication (other than for tracd which I don't intend to cover here). Authentication is done by the http daemon environment, and the authentication information passed to trac when it is invoked by the httpd.
There are 2 basic approaches to Trac authentication:-
- Restrict access to the whole Trac installation, so that none of the trac pages are visible without authentication.
- Restrict access such that the Trac installation is visible to someone without authentication, but you can login with Trac.
The following examples are based on an Apache httpd server - further information on authentication on Apache can be found at http://httpd.apache.org/docs-2.0/howto/auth.html
They use a password file at
/var/www/db/passwd - you will need to manipulate this with the
htpasswd program or you could look at http://stein.cshl.org/~lstein/user_manage/
As an alternative you could drop in digest authentication - the Apache documentation describes this.
Require Authentication To Access The Trac Installation
This is the simplest method in both concept and implementation. It also allows you to know that your data is as secure as your web server authentication scheme and that there is a degree of trust in the user information entered on tickets etc.
For a trac installation under
/var/www/trac, visible as URL
http://www.example.com/trac/ you can use an authenticaton stanza for Apache similar to:-
<Location /trac> AuthType Basic AuthName "trac" AuthUserFile /var/www/db/passwd Require valid-user ... extra directives to invoke trac ... - ie ScriptAlias or mod_python stuff </Location>
Optional Authentication For The Trac Installation
(will write this chunk shortly…)