363 | | |
364 | | We'll describe here the most common scenario. |
365 | | |
366 | | |
367 | | === Example: Basic Authentication with Apache === |
368 | | |
369 | | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
370 | | {{{ |
371 | | $ htpasswd -c /somewhere/trac.htpasswd admin |
372 | | New password: <type password> |
373 | | Re-type new password: <type password again> |
374 | | Adding password for user admin |
375 | | }}} |
376 | | |
377 | | After the first user, you dont need the "-c" option anymore: |
378 | | {{{ |
379 | | $ htpasswd /somewhere/trac.htpasswd john |
380 | | New password: <type password> |
381 | | Re-type new password: <type password again> |
382 | | Adding password for user john |
383 | | }}} |
384 | | |
385 | | ''See the man page for `htpasswd` for full documentation.'' |
386 | | |
387 | | After you've created the users, you can set their permissions using TracPermissions. |
388 | | |
389 | | Now, you'll need to enable authentication against the password file in the Apache configuration: |
390 | | {{{ |
391 | | <Location "/trac/login"> |
392 | | AuthType Basic |
393 | | AuthName "Trac" |
394 | | AuthUserFile /somewhere/trac.htpasswd |
395 | | Require valid-user |
396 | | </Location> |
397 | | }}} |
398 | | |
399 | | If you're hosting multiple projects you can use the same password file for all of them: |
400 | | {{{ |
401 | | <LocationMatch "/trac/[^/]+/login"> |
402 | | AuthType Basic |
403 | | AuthName "Trac" |
404 | | AuthUserFile /somewhere/trac.htpasswd |
405 | | Require valid-user |
406 | | </LocationMatch> |
407 | | }}} |
408 | | |
409 | | === Example: Digest Authentication with Apache === |
410 | | |
411 | | For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
412 | | {{{ |
413 | | <Location "/trac/login"> |
414 | | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
415 | | AuthType Digest |
416 | | AuthName "trac" |
417 | | AuthDigestDomain /trac |
418 | | AuthUserFile /somewhere/trac.htpasswd |
419 | | Require valid-user |
420 | | </Location> |
421 | | }}} |
422 | | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
423 | | {{{ |
424 | | # htdigest /somewhere/trac.htpasswd trac admin |
425 | | }}} |
426 | | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |
427 | | |
428 | | |
429 | | === More authentication scenarios |
430 | | |
431 | | To learn more how to setup authentication for the frontend you're using, please refer to one of the following pages: |
432 | | |
433 | | * TracStandalone if you use the standalone server, `tracd`. |
434 | | * [wiki:TracModWSGI] if you use the Apache mod_wsgi web front end. |
435 | | * TracModPython if you use the Apache mod_python web front end. |
| 362 | Please refer to one of the following sections: |
| 363 | * TracStandalone#UsingAuthentication if you use the standalone server, `tracd`. |
| 364 | * [wiki:TracModWSGI#ConfiguringAuthentication TracModWSGI#ConfiguringAuthentication] if you use the Apache web server, with any of its front end: `mod_wsgi` of course, but the same instructions applies also for `mod_python`, `mod_fcgi` or `mod_fastcgi`. |
| 365 | * TracFastCgi if you're using another web server with FCGI support (Cherokee, Lighttpd, !LiteSpeed, nginx) |