| 363 | | |
| 364 | | We'll describe here the most common scenario. |
| 365 | | |
| 366 | | |
| 367 | | === Example: Basic Authentication with Apache === |
| 368 | | |
| 369 | | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
| 370 | | {{{ |
| 371 | | $ htpasswd -c /somewhere/trac.htpasswd admin |
| 372 | | New password: <type password> |
| 373 | | Re-type new password: <type password again> |
| 374 | | Adding password for user admin |
| 375 | | }}} |
| 376 | | |
| 377 | | After the first user, you dont need the "-c" option anymore: |
| 378 | | {{{ |
| 379 | | $ htpasswd /somewhere/trac.htpasswd john |
| 380 | | New password: <type password> |
| 381 | | Re-type new password: <type password again> |
| 382 | | Adding password for user john |
| 383 | | }}} |
| 384 | | |
| 385 | | ''See the man page for `htpasswd` for full documentation.'' |
| 386 | | |
| 387 | | After you've created the users, you can set their permissions using TracPermissions. |
| 388 | | |
| 389 | | Now, you'll need to enable authentication against the password file in the Apache configuration: |
| 390 | | {{{ |
| 391 | | <Location "/trac/login"> |
| 392 | | AuthType Basic |
| 393 | | AuthName "Trac" |
| 394 | | AuthUserFile /somewhere/trac.htpasswd |
| 395 | | Require valid-user |
| 396 | | </Location> |
| 397 | | }}} |
| 398 | | |
| 399 | | If you're hosting multiple projects you can use the same password file for all of them: |
| 400 | | {{{ |
| 401 | | <LocationMatch "/trac/[^/]+/login"> |
| 402 | | AuthType Basic |
| 403 | | AuthName "Trac" |
| 404 | | AuthUserFile /somewhere/trac.htpasswd |
| 405 | | Require valid-user |
| 406 | | </LocationMatch> |
| 407 | | }}} |
| 408 | | |
| 409 | | === Example: Digest Authentication with Apache === |
| 410 | | |
| 411 | | For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
| 412 | | {{{ |
| 413 | | <Location "/trac/login"> |
| 414 | | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
| 415 | | AuthType Digest |
| 416 | | AuthName "trac" |
| 417 | | AuthDigestDomain /trac |
| 418 | | AuthUserFile /somewhere/trac.htpasswd |
| 419 | | Require valid-user |
| 420 | | </Location> |
| 421 | | }}} |
| 422 | | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
| 423 | | {{{ |
| 424 | | # htdigest /somewhere/trac.htpasswd trac admin |
| 425 | | }}} |
| 426 | | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |
| 427 | | |
| 428 | | |
| 429 | | === More authentication scenarios |
| 430 | | |
| 431 | | To learn more how to setup authentication for the frontend you're using, please refer to one of the following pages: |
| 432 | | |
| 433 | | * TracStandalone if you use the standalone server, `tracd`. |
| 434 | | * [wiki:TracModWSGI] if you use the Apache mod_wsgi web front end. |
| 435 | | * TracModPython if you use the Apache mod_python web front end. |
| | 362 | Please refer to one of the following sections: |
| | 363 | * TracStandalone#UsingAuthentication if you use the standalone server, `tracd`. |
| | 364 | * [wiki:TracModWSGI#ConfiguringAuthentication TracModWSGI#ConfiguringAuthentication] if you use the Apache web server, with any of its front end: `mod_wsgi` of course, but the same instructions applies also for `mod_python`, `mod_fcgi` or `mod_fastcgi`. |
| | 365 | * TracFastCgi if you're using another web server with FCGI support (Cherokee, Lighttpd, !LiteSpeed, nginx) |
