Context Navigation

← Previous Change
Wiki History
Next Change →

Changes between Initial Version and Version 1 of AccountManagerPlugin/AuthStores

Timestamp:: Oct 9, 2010, 9:16:45 PM (14 years ago)
Author:: Steffen Hoffmann
Comment:: initial design and content, migrating information from main page here for better readability

Legend:

: Unmodified
: Added
: Removed
: Modified

AccountManagerPlugin/AuthStores

                       v1
+[[PageOutline(2-5,Contents,pullout)]]
+= Authentication modules for AccountManagerPlugin =
+ see !AccountManagerPlugin's [wiki:AccountManagerPlugin main page]
+== !HtDigestStore ==
+ '''Package''':: acct_mgr.htfile
+Used to store passwords in the htdigest file format.
+{{{
+#!div class="important"
+'''Warning:''' This password method may not work with [t:TracModPython mod_python] due to a  bug using Python’s md5 module under mod_python (''"it has been reported that mod_python has trouble returning good MD5 strings. It has been speculated that this is because many apache mods are using the same md5 source (php and so forth), but this is not confirmed"'').  If you experience problems try [t:TracFastCgi FastCGI], [t:wiki:TracModWSGI mod_wsgi], or [t:TracStandalone tracd].
+}}}
+To use this component to manage your password file you need to enable it as described above and add some additional configuration to [t:wiki:TracIni trac.ini]:
+{{{
+[components]
+; be sure to enable the component
+acct_mgr.htfile.HtDigestStore = enabled
+[account-manager]
+; configure the plugin to store passwords in the htdigest format:
+password_store = HtDigestStore
+; with Trac < 0.10 use this instead:
+password_format = htdigest
+; the file where user accounts are stored
+; the webserver will need write permissions to this file
+; and its parent folder
+password_file = /var/trac/trac.htdigest
+; the name of the authentication “realm”
+; it can be any text to identify your site or project
+htdigest_realm = TracRealm
+}}}
+== !HtPasswdStore ==
+ '''Package''':: acct_mgr.htfile
+Used to store passwords in the htpasswd file format.
+{{{
+#!div class="important"
+'''Warning:''' This password method may not work with [t:TracModPython mod_python] due to a bug using Python’s md5 module under mod_python.  If you experience problems try [t:TracFastCgi FastCGI], [t:wiki:TracModWSGI mod_wsgi], or [t:TracStandalone tracd].
+}}}
+To use this component to manage your password file you need to enable it as described above and add some additional configuration to [trac:TracIni trac.ini]:
+{{{
+[components]
+; be sure to enable the component
+acct_mgr.htfile.HtPasswdStore = enabled
+[account-manager]
+; configure the plugin to store passwords in the htpasswd format:
+password_store = HtPasswdStore
+; with Trac < 0.10 use this instead:
+password_format = htpasswd
+; optional hash type selection
+htpasswd_hash_type =
+; the file where user accounts are stored
+; the webserver will need write permissions to this file
+; and its parent folder
+password_file = /var/trac/trac.htpasswd
+}}}
+Recent changes:
+ * 'htpasswd_hash_type' for hash type selection available since [9274]
+== !HttpAuthStore ==
+ '''Package''':: acct_mgr.http
+'''Note:''' This component requires Trac 0.10 or later
+Used to delegate authentication to the web server.  This allows access to be restricted based on LDAP, a password file, etc, or some combination of them.
+Note: This password store does not support listing/adding/removing users or changing passwords.
+{{{
+[components]
+; be sure to enable the component
+acct_mgr.http.HttpAuthStore = enabled
+[account-manager]
+; configure the plugin to use a page that is secured with http authentication
+authentication_url = http://hostname/path
+password_store = HttpAuthStore
+}}}
+This will generally be matched with an Apache config like:
+{{{
+<Directory /var/www/html/path>
+   …HTTP authentication configuration…
+   Require valid-user
+</Directory>
+}}}
+== !SessionStore ==
+ '''Package''':: acct_mgr.db
+Stores password information in the trac database. This may give better behaviour if you have large numbers of users and are finding errors due to write contention on the password file. You must enable one or other of the hash method components. !HtDigestHashMethod is the default.
+{{{
+[components]
+; be sure to enable the component
+acct_mgr.db.SessionStore = enabled
+; choose one of the hash methods
+acct_mgr.pwhash.htdigesthashmethod = enabled
+acct_mgr.pwhash.htpasswdhashmethod = enabled
+trac.web.auth.loginmodule = disabled #this is important, otherwise login does not work. ref: http://www.gossamer-threads.com/lists/trac/users/41969
+[account-manager]
+password_store = SessionStore
+; choose one of the hash methods
+hash_method = HtDigestHashMethod
+hash_method = HtPasswdHashMethod
+}}}
+For more information see:
+  http://www.mailinglistarchive.com/trac-users@googlegroups.com/msg03696.html
+For sample configuration settings see  [wiki:SessionStoreSampleSettings sample-settings]
+== !SvnServePasswordStore ==
+ '''Package''':: acct_mgr.svnserve
+Allows Trac to use SVN users (may be in addition to Trac users). SVN server configuration option should be "svnserve". For more information, read chapter 6 of [http://svnbook.red-bean.com/ SVN book].
+{{{
+[components]
+; be sure to enable the component
+acct_mgr.svnserve.* = enabled
+acct_mgr.svnserve.svnservepasswordstore = enabled
+; choose one of the hash methods
+acct_mgr.pwhash.htdigesthashmethod = enabled
+acct_mgr.pwhash.htpasswdhashmethod = enabled
+[account-manager]
+password_store = SvnServePasswordStore
+password_file = /path/to/svn/repos/conf/passwd
+; choose one of the hash methods
+hash_method = HtDigestHashMethod
+hash_method = HtPasswdHashMethod
+}}}
+NB : `password_file` points to a file which defines users/passwords this way : `user = password`
+== Not yet available ==
+=== LDAP ===
+ Check [http://trac-hacks.org/ticket/1147 LDAPAuthStore] and LdapAuthStorePlugin regarding how to link LdapPlugin to AccountManagerPlugin.
+ #1600 is also related, we even prepare for adding it (see #1602).