[patch] Add a RadiusAuthStore to AccountManagerPlugin
|Reported by:||Chris Shenton||Owned by:||Steffen Hoffmann|
|Severity:||normal||Keywords:||needinfo radius authentication|
|Cc:||Chris Shenton, Ryan J Ollos||Trac Release:||0.11|
We use Trac in an enterprisey environment at NASA HQ that uses RSA two-factor token authentication. We'd like Trac to be able to authenticate against it, over it's RADIUS protocol interface. RADIUS is frequently used by ISP and network access systems (e.g., WiFi routers) so is likely to be available in larger shops.
I've tried mod_auth_radius in Apache, and that works, except that:
- Sessions never timeout despite the setting of the expiration value in mod_auth_radius, unless we protect the entire site so the RADIUS cookie is 'visible'
- we can't support sites with anonymous and authenticated users with session timeouts since auth protects only the /login URL which is never returned to once authenticated.
So I've written an addition to AccountManagerPlugin (trunk) which allows you to authenticate from within Trac to a RADIUS server. I'm still testing but it seems to work.
It relies on the 'pyrad' library which is available on PyPi, so I've included that in the setup.py install_requires setting. I'm unaware of a less-intrusive way to do this.
Do you want this code, and if so, how should I integrate it with yours?
Right now I'm developing it on GitHub:
Change History (18)
comment:1 Changed 7 years ago by
|Owner:||changed from Matt Good to anonymous|
|Status:||new → assigned|
|Summary:||Adding RADIUS auth to AccountManagerPlugin (running code) → [PATCH] Adding RADIUS auth to AccountManagerPlugin|
comment:4 Changed 7 years ago by
|Summary:||[PATCH] Adding RADIUS auth to AccountManagerPlugin → [PATCH] Add a RadiusAuthStore to AccountManagerPlugin|
comment:5 Changed 7 years ago by
|Owner:||changed from anonymous to Steffen Hoffmann|
|Status:||assigned → new|
|Summary:||[PATCH] Add a RadiusAuthStore to AccountManagerPlugin → [patch] Add a RadiusAuthStore to AccountManagerPlugin|