Force HTTP authentication from within Trac
This plugin allows you to protect certain paths with HTTP authentication. The AccountManagerPlugin is used to check passwords.
Primarily this is meant to be used with the XmlRpcPlugin, so it will work while using AccountManager's form-based logins.
If you have any issues, create a new ticket.
Download the zipped source from here.
There is also a version on PyPi.
General instructions on installing Trac plugins can be found on the TracPlugins page.
To enable the plugin:
[components] httpauth.* = enabled
The following are configuration examples for usage of this plugin, by making the indicated changes to your
To add additional paths:
[httpauth] paths = /xmlrpc, /login/xmlrpc
To add additional formats, such as RSS:
[httpauth] formats = rss
Authentication issues while using Trac with mod_wsgi
HTTP authentication just does not want to work. The Authorization header is passed with the HTTP request, but it seems to be lost on the way.
If you set the
INFO, then you will get this entry in your
Trac[filter] INFO: HTTPAuthFilter: No/bad authentication data given, returing 403
See ticket #1169.
If you're using
mod_wsgi, authorization information is stripped before passing to the WSGI application.
WSGIPassAuthorization On in your
Apache configuration for it to work.
See also ConfigurationDirectives.
- 12656 by txcraig on 2013-02-24 13:55:10
#10881 Added maintainer and maintainer_email setting after adopting HttpAuthPlugin
- 12394 by jun66j5 on 2012-11-29 17:26:08
Fixed broken communication between client on
401 Unauthorized. Sends
Connection: closeheader in this case.
- 6675 by pacopablo on 2009-10-11 03:07:19
Content-Lengthheader. Needed for API change in 0.12.
While not strictly necessary for anything prior to trunk, the change is
still worth while.