Edgewall Software

Changes between Version 50 and Version 51 of TracCgi


Ignore:
Timestamp:
Feb 27, 2011, 2:02:23 PM (13 years ago)
Author:
Christian Boos
Comment:

Moved #AddingAuthentication to TracInstall@334#ConfiguringAuthentication

Legend:

Unmodified
Added
Removed
Modified

  • TracCgi

    v50 v51  
    117117
    118118== Adding Authentication ==
    119 Trac uses HTTP authentication. You'll need to configure your webserver to request authentication when trac.cgi/login is hit (the virtual path of the "login" button). Trac will automatically pick the REMOTE_USER variable up after you provide your credentials. Therefore, all user management goes through your web server configuration. Please consult the documentation of your web server for more info.
    120119
    121 === Example: Apache ===
    122 
    123 The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file:
    124 {{{
    125 $ htpasswd -c /somewhere/trac.htpasswd admin
    126 New password: <type password>
    127 Re-type new password: <type password again>
    128 Adding password for user admin
    129 }}}
    130 
    131 After the first user, you dont need the "-c" option anymore:
    132 {{{
    133 $ htpasswd /somewhere/trac.htpasswd john
    134 New password: <type password>
    135 Re-type new password: <type password again>
    136 Adding password for user john
    137 }}}
    138 
    139   ''See the man page for `htpasswd` for full documentation.''
    140 
    141 After you've created the users, you can set their permissions using TracPermissions.
    142 
    143 Now, you'll need to enable authentication against the password file in the Apache configuration:
    144 {{{
    145 <Location "/trac/login">
    146   AuthType Basic
    147   AuthName "Trac"
    148   AuthUserFile /somewhere/trac.htpasswd
    149   Require valid-user
    150 </Location>
    151 }}}
    152 
    153 If you're hosting multiple projects you can use the same password file for all of them:
    154 {{{
    155 <LocationMatch "/trac/[^/]+/login">
    156   AuthType Basic
    157   AuthName "Trac"
    158   AuthUserFile /somewhere/trac.htpasswd
    159   Require valid-user
    160 </LocationMatch>
    161 }}}
    162 
    163 For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section  in apache configuration can look like this:
    164 {{{
    165 <Location "/trac/login">
    166     LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
    167     AuthType Digest
    168     AuthName "trac"
    169     AuthDigestDomain /trac
    170     AuthUserFile /somewhere/trac.htpasswd
    171     Require valid-user
    172 </Location>
    173 }}}
    174 and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows:
    175 {{{
    176 # htdigest /somewhere/trac.htpasswd trac admin
    177 }}}
    178 where the "trac" parameter above is the same as !AuthName above  ("Realm" in apache-docs).
     120See TracInstall#ConfiguringAuthentication.
    179121
    180122----