Edgewall Software

Changes between Version 31 and Version 32 of TracModWSGI


Ignore:
Timestamp:
Feb 27, 2011, 5:45:08 PM (13 years ago)
Author:
Christian Boos
Comment:

refreshing the section about Basic and Digest authentication, adding some details found in trunk/doc/install/apacheauth.rst

Legend:

Unmodified
Added
Removed
Modified

  • TracModWSGI

    v31 v32  
    8585
    8686== Configuring Authentication
     87
     88We describe in the the following sections different methods for setting up authentication.
     89
     90See also [http://httpd.apache.org/docs/2.2/howto/auth.html Authentication, Authorization and Access Control] in the Apache guide.
    8791
    8892=== Using Basic Authentication ===
     
    128132}}}
    129133
     134See also the [http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html mod_auth_basic] documentation.
     135
    130136=== Using Digest Authentication ===
    131137
    132 For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”. Please read the [http://httpd.apache.org/docs/2.0/ Apache HTTPD documentation] to find out more. For example, on a Debian 4.0r1 (etch) system the relevant section  in apache configuration can look like this:
     138For better security, it is recommended that you either enable SSL or at least use the “digest” authentication scheme instead of “Basic”.
     139
     140You'll have to create your `.htpasswd` file with the `htdigest` command instead of `htpasswd`, as follows:
     141{{{
     142# htdigest /somewhere/trac.htpasswd trac admin
     143}}}
     144
     145The "trac" parameter above is the "realm", and will have to be reused in the Apache configuration in the !AuthName directive:
     146
    133147{{{
    134148<Location "/trac/login">
    135     LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
     149
    136150    AuthType Digest
    137151    AuthName "trac"
     
    141155</Location>
    142156}}}
    143 and you'll have to create your .htpasswd file with htdigest instead of htpasswd as follows:
    144 {{{
    145 # htdigest /somewhere/trac.htpasswd trac admin
    146 }}}
    147 where the "trac" parameter above is the same as !AuthName above  ("Realm" in apache-docs).
    148 
    149 
    150 Creating password files and configuring authentication works similar to the examples given in the generic instructions for [wiki:TracInstall#ConfiguringAuthentication configuring authentication]:
    151 {{{
    152 #!xml
    153 <Location /projects/myproject/login>
    154   AuthType Basic
    155   AuthName "myproject"
    156   AuthUserFile /var/trac/myproject/.htpasswd
    157   Require valid-user
    158 </Location>
    159 }}}
     157
     158For multiple environments, you can use the same `LocationMatch` as described with the previous method.
     159
     160Don't forget to activate the mod_auth_diget. For example, on a Debian 4.0r1 (etch) system:
     161{{{
     162    LoadModule auth_digest_module /usr/lib/apache2/modules/mod_auth_digest.so
     163}}}
     164
     165
     166See also the [http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html mod_auth_digest] documentation.
    160167
    161168=== Using LDAP Authentication