Edgewall Software

Extension Point : IAuthenticator


An IAuthenticator authenticates users' web requests.


Trac allows anonymous and authenticated users. Users are by default authenticated when they can login via basic HTTP authentication.

This default authentication process can be replaced or augmented by plugins implementing IAuthenticator.


Implementing the interface follows the standard guidelines found in TracDev/ComponentArchitecture and of course TracDev/PluginDevelopment.

The only functionality required of an IAuthenticator is to return a username for any given request (or None if the request can not be authenticated).

Here usually things like req.remote_addr (the user's IP address), req.remote_user (the user's HTTP name) and req.incookie (cookies) are useful.

The default implementation trac.web.auth.LoginModule also provides authentication cookie management with various options and the Login and Logout links. To retain this functionality it can be useful to wrap or inherit from LoginModule.

Trac calls all authenticators via trac.web.main.RequestDispatcher.authenticate which lazily initializes the req.authname property.


The following minimal example replaces the entire login process of trac with a simple authenticator module that automatically authenticates only those requests originating from the local IP address as the user named local.

from trac.core import *
from trac.web.api import IAuthenticator

class LocalAuthenticator(Component):


    def authenticate(self, req):
        if req.remote_addr == '':
            return 'local'
        return None

Available Implementations

In Trac:

In third-party plugins:

Additional Information and References

Last modified 10 years ago Last modified on Apr 6, 2012, 6:16:44 PM
Note: See TracWiki for help on using the wiki.