| | 286 | === Configuring authentication using the Account Manager plugin's !LoginModule === |
| | 287 | |
| | 288 | To begin with, see the basic instructions for using the !LoginModule [http://trac-hacks.org/wiki/AccountManagerPlugin/Modules#LoginModule here] and [http://trac-hacks.org/wiki/AccountManagerPlugin/AuthStores here]. |
| | 289 | |
| | 290 | The differences you need to be aware of when using the !LoginModule with WSGI, is that if you're using its !HttpAuthStore authentication module, then the page identified by the trac.ini ''authentication_url'' directive '''must''' be fetchable. See this example from one of the above links for hosting a single project: |
| | 291 | {{{ |
| | 292 | [components] |
| | 293 | ; be sure to enable the component |
| | 294 | acct_mgr.http.HttpAuthStore = enabled |
| | 295 | |
| | 296 | [account-manager] |
| | 297 | ; configure the plugin to use a page that is secured with http authentication |
| | 298 | authentication_url = http://hostname/trac/authFile |
| | 299 | password_store = HttpAuthStore |
| | 300 | }}} |
| | 301 | This will generally be matched with an Apache config like: |
| | 302 | {{{ |
| | 303 | <Location /trac/authFile> |
| | 304 | …HTTP authentication configuration… |
| | 305 | Require valid-user |
| | 306 | </Directory> |
| | 307 | }}} |
| | 308 | Note that '''authFile''' must exist, and be a file (not directory) that can be accessed via ''authentication_url''. With Trac running under WSGI, making this happen is not obvious. There are 4 ways you can do this: |
| | 309 | 1. You can place a 0-length file called authFile somewhere under the Apache !DocumentRoot but outside of the Trac project. A standard ''authentication_url'' value can then be used, but this may make your project more difficult to maintain, especially if you host multiple projects and need authentication to be specific to each project. |
| | 310 | 1. Put authFile in your project's htdocs directory, and change ''authentication_url'' to: |
| | 311 | {{{ |
| | 312 | authentication_url = http://hostname/trac/chrome/site/authFile |
| | 313 | }}} |
| | 314 | This has the advantage that your Trac project need not be under Apache's !DocumentRoot, thereby making it more secure. |
| | 315 | 1. Follow the directions in the [http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines WSGI Configuration Guidelines] article's "Hosting Of Static Files" section on how to exempt specific paths from being routed through WSGI. With this method, a standard ''authentication_url'' value can be used, and authFile can be placed where you like within the Trac environment. Note that if your Trac projects are not under !DocumentRoot, you will need an 'Allow all' directive within your <Location> section. |
| | 316 | 1. Contrary to the recommendation in the WSGI article above, you could use the !SetHandler directive to reset the Apache content handler back to 'None' for URLs mapped to static files. This would work in a similar fashion to example 3. |
