Edgewall Software

Changes between Version 29 and Version 30 of TracModWSGI


Ignore:
Timestamp:
Feb 27, 2011, 5:00:56 PM (13 years ago)
Author:
Christian Boos
Comment:

move [TracInstall@337#ConfiguringAuthentication] Apache examples to this page, as mod_wsgi is the preferred way to serve Trac with Apache

Legend:

Unmodified
Added
Removed
Modified

  • TracModWSGI

    v29 v30  
    8484
    8585
     86== Configuring Authentication
     87
     88=== Example: Basic Authentication with Apache ===
     89
     90The simplest way to enable authentication with Apache is to create a password file. Use the `htpasswd` program to create the password file:
     91{{{
     92$ htpasswd -c /somewhere/trac.htpasswd admin
     93New password: <type password>
     94Re-type new password: <type password again>
     95Adding password for user admin
     96}}}
     97
     98After the first user, you dont need the "-c" option anymore:
     99{{{
     100$ htpasswd /somewhere/trac.htpasswd john
     101New password: <type password>
     102Re-type new password: <type password again>
     103Adding password for user john
     104}}}
     105
     106  ''See the man page for `htpasswd` for full documentation.''
     107
     108After you've created the users, you can set their permissions using TracPermissions.
     109
     110Now, you'll need to enable authentication against the password file in the Apache configuration:
     111{{{
     112<Location "/trac/login">
     113  AuthType Basic
     114  AuthName "Trac"
     115  AuthUserFile /somewhere/trac.htpasswd
     116  Require valid-user
     117</Location>
     118}}}
     119
     120If you're hosting multiple projects you can use the same password file for all of them:
     121{{{
     122<LocationMatch "/trac/[^/]+/login">
     123  AuthType Basic
     124  AuthName "Trac"
     125  AuthUserFile /somewhere/trac.htpasswd
     126  Require valid-user
     127</LocationMatch>
     128}}}
     129
     130=== Example: Digest Authentication with Apache ===
     131
     132For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section  in apache configuration can look like this:
     133{{{
     134<Location "/trac/login">
     135    LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
     136    AuthType Digest
     137    AuthName "trac"
     138    AuthDigestDomain /trac
     139    AuthUserFile /somewhere/trac.htpasswd
     140    Require valid-user
     141</Location>
     142}}}
     143and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows:
     144{{{
     145# htdigest /somewhere/trac.htpasswd trac admin
     146}}}
     147where the "trac" parameter above is the same as !AuthName above  ("Realm" in apache-docs).
    86148
    87149=== Example: Apache Basic Authentication for Trac and mod_wsgi