Modify

Opened 7 years ago

Closed 4 years ago

#2031 closed enhancement (duplicate)

add htpasswd2 as a method for creating new users

Reported by: p_ansell@… Owned by: mgood
Priority: normal Component: AccountManagerPlugin
Severity: major Keywords: htpasswd file
Cc: Trac Release: 0.10

Description

Its great that I can use a htpasswd2 format file for authentication, but is it possible to implement a feature which allows me to create new accounts on it as well. Currently I am registering all of my users manually which is a bit of a pain.

This would be an improvement over the read-only support that is references in ticket #599

Attachments (0)

Change History (5)

comment:1 Changed 7 years ago by mgood

  • Resolution set to worksforme
  • Status changed from new to closed

Account creation has been supported from the beginning. Initially via registration, and now there's also an admin page.

comment:2 follow-up: Changed 7 years ago by p_ansell@…

  • Resolution worksforme deleted
  • Status changed from closed to reopened
  • Type changed from defect to enhancement

What are the settings I need to use in order to get trac to generate valid htpasswd2 entries? You only referred to generic account creation in your "worksforme" "solution"

I am currently using the following in my trac.ini:

[account-manager] generated_password_length = 8 hash_method = HtPasswdHashMethod password_file = /var/lib/trac/svn/svnusers password_store = HtPasswdStore

When I register an account it adds a line to the bottom of the file, but it is not in htpasswd2 format. That is what my question was directed to, not generic account creation. The desired format is the first one, with the second being generated after a registration with this plugin.

validhtpasswd2user:$apr1$Rth1C/..$YZ7.0ZrJfUNmbFaCCuSuX0 tester:IJpZjm73rolhk

comment:3 in reply to: ↑ 2 Changed 7 years ago by mgood

  • Resolution set to worksforme
  • Status changed from reopened to closed

Replying to p_ansell@yahoo.com:

When I register an account it adds a line to the bottom of the file, but it is not in htpasswd2 format. That is what my question was directed to, not generic account creation. The desired format is the first one, with the second being generated after a registration with this plugin.

validhtpasswd2user:$apr1$Rth1C/..$YZ7.0ZrJfUNmbFaCCuSuX0
tester:IJpZjm73rolhk

Both of those are valid htpasswd entries. The first is in the MD5 format and the second is CRYPT, which is the default on all platforms besides Windows which doesn't support it.

From the htpasswd usage output:

 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.

This plugin follows the htpasswd defaults and generates MD5 hashes on Windows and CRYPT hashes everywhere else. It will read existing hashes in MD5, CRYPT and SHA.

comment:4 follow-up: Changed 5 years ago by dangb

  • Resolution worksforme deleted
  • Severity changed from normal to major
  • Status changed from closed to reopened

Hi!

I am sorry if I am annoying anyone by reopening this ticket, but I believe it is an important enhancement (if not bug) that needs to be taken care of.

The reason for my statement above is that it seems that if the method for computing the hashes is CRYPT, then the password is truncated to 8 characters in length. Basically I cannot have a secure public server on the Internet (or at least people's accounts are not as secure as they could be). However, if I have an MD5 generated hash, then the password is not truncated to 8 characters (I'm sure there is a limit but it's much higher).

I hope someone will write a patch, which will allow the configuration of the way the hashes are generated, with the possibility of specifying an MD5 hash.

Thanks, -Dan

comment:5 in reply to: ↑ 4 Changed 4 years ago by hasienda

  • Keywords htpasswd file added
  • Resolution set to duplicate
  • Status changed from reopened to closed

Replying to dangb:

![...] I hope someone will write a patch, which will allow the configuration of the way the hashes are generated, with the possibility of specifying an MD5 hash.

After a long time this could finally come true now.

I'm testing a patch for ticket #2282, that developed towards a similar goal, effectively becoming a duplicate of this one, but already got further towards a solution in the comment trail. So let's stick to (the other) one ticket for tracking this enhancement.

Add Comment

Modify Ticket

Action
as closed The owner will remain mgood.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.