| 86 | == Configuring Authentication |
| 87 | |
| 88 | === Example: Basic Authentication with Apache === |
| 89 | |
| 90 | The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file: |
| 91 | {{{ |
| 92 | $ htpasswd -c /somewhere/trac.htpasswd admin |
| 93 | New password: <type password> |
| 94 | Re-type new password: <type password again> |
| 95 | Adding password for user admin |
| 96 | }}} |
| 97 | |
| 98 | After the first user, you dont need the "-c" option anymore: |
| 99 | {{{ |
| 100 | $ htpasswd /somewhere/trac.htpasswd john |
| 101 | New password: <type password> |
| 102 | Re-type new password: <type password again> |
| 103 | Adding password for user john |
| 104 | }}} |
| 105 | |
| 106 | ''See the man page for `htpasswd` for full documentation.'' |
| 107 | |
| 108 | After you've created the users, you can set their permissions using TracPermissions. |
| 109 | |
| 110 | Now, you'll need to enable authentication against the password file in the Apache configuration: |
| 111 | {{{ |
| 112 | <Location "/trac/login"> |
| 113 | AuthType Basic |
| 114 | AuthName "Trac" |
| 115 | AuthUserFile /somewhere/trac.htpasswd |
| 116 | Require valid-user |
| 117 | </Location> |
| 118 | }}} |
| 119 | |
| 120 | If you're hosting multiple projects you can use the same password file for all of them: |
| 121 | {{{ |
| 122 | <LocationMatch "/trac/[^/]+/login"> |
| 123 | AuthType Basic |
| 124 | AuthName "Trac" |
| 125 | AuthUserFile /somewhere/trac.htpasswd |
| 126 | Require valid-user |
| 127 | </LocationMatch> |
| 128 | }}} |
| 129 | |
| 130 | === Example: Digest Authentication with Apache === |
| 131 | |
| 132 | For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section in apache configuration can look like this: |
| 133 | {{{ |
| 134 | <Location "/trac/login"> |
| 135 | LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so |
| 136 | AuthType Digest |
| 137 | AuthName "trac" |
| 138 | AuthDigestDomain /trac |
| 139 | AuthUserFile /somewhere/trac.htpasswd |
| 140 | Require valid-user |
| 141 | </Location> |
| 142 | }}} |
| 143 | and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows: |
| 144 | {{{ |
| 145 | # htdigest /somewhere/trac.htpasswd trac admin |
| 146 | }}} |
| 147 | where the "trac" parameter above is the same as !AuthName above ("Realm" in apache-docs). |