121 | | === Example: Apache === |
122 | | |
123 | | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
124 | | {{{ |
125 | | $ htpasswd -c /somewhere/trac.htpasswd admin |
126 | | New password: <type password> |
127 | | Re-type new password: <type password again> |
128 | | Adding password for user admin |
129 | | }}} |
130 | | |
131 | | After the first user, you dont need the "-c" option anymore: |
132 | | {{{ |
133 | | $ htpasswd /somewhere/trac.htpasswd john |
134 | | New password: <type password> |
135 | | Re-type new password: <type password again> |
136 | | Adding password for user john |
137 | | }}} |
138 | | |
139 | | ''See the man page for `htpasswd` for full documentation.'' |
140 | | |
141 | | After you've created the users, you can set their permissions using TracPermissions. |
142 | | |
143 | | Now, you'll need to enable authentication against the password file in the Apache configuration: |
144 | | {{{ |
145 | | <Location "/trac/login"> |
146 | | AuthType Basic |
147 | | AuthName "Trac" |
148 | | AuthUserFile /somewhere/trac.htpasswd |
149 | | Require valid-user |
150 | | </Location> |
151 | | }}} |
152 | | |
153 | | If you're hosting multiple projects you can use the same password file for all of them: |
154 | | {{{ |
155 | | <LocationMatch "/trac/[^/]+/login"> |
156 | | AuthType Basic |
157 | | AuthName "Trac" |
158 | | AuthUserFile /somewhere/trac.htpasswd |
159 | | Require valid-user |
160 | | </LocationMatch> |
161 | | }}} |
162 | | |
163 | | For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
164 | | {{{ |
165 | | <Location "/trac/login"> |
166 | | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
167 | | AuthType Digest |
168 | | AuthName "trac" |
169 | | AuthDigestDomain /trac |
170 | | AuthUserFile /somewhere/trac.htpasswd |
171 | | Require valid-user |
172 | | </Location> |
173 | | }}} |
174 | | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
175 | | {{{ |
176 | | # htdigest /somewhere/trac.htpasswd trac admin |
177 | | }}} |
178 | | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |
| 120 | See TracInstall#ConfiguringAuthentication. |