Modify

Opened 7 years ago

Last modified 22 months ago

#2498 assigned defect

Unable to login - even from browser

Reported by: anonymous Owned by: txcraig
Priority: normal Component: HttpAuthPlugin
Severity: normal Keywords:
Cc: thijs Trac Release: 0.10

Description

I enable the plugin, but then when I test it by go to the /xmlrpc, trying to enter any username/password created by AccountManager plugin doesn't work.

Attachments (0)

Change History (13)

comment:1 Changed 7 years ago by danigoldman

I've got the same issue over here.

comment:2 Changed 7 years ago by milesparker@…

I have the same issue..here are the relevant Trac.ini settings..

[account-manager]
password_file = [path]/trac_sites/scoreabm.passwd
password_format = htpasswd

[components]
acct_mgr.* = enabled
httpauth.filter.httpauthfilter = enabled
tracrpc.* = enabled
webadmin.* = enabled
httpauth.* = enabled
trac.web.auth.LoginModule = disabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.htfile.HtPasswdStore = enabled

[httpauth]
paths = /xmlrpc, /login/xmlrpc

comment:3 Changed 7 years ago by Till <datenrecycling@…>

I had the same problem and found a solution:

Some part (FastCGI, AccountManager or HttpAuthPlugin) expects the authenthcation information in the HTTP_AUTHORIZATION Header.

But the information is stored in the Authorization Header.

Solution in the Apache2-Config:
Tell FastCGI to pass the Header:
FastCgiConfig -pass-header HTTP_AUTHORIZATION

Add the additional header:
RewriteEngine on
RewriteCond %{HTTP:Authorization} (.*)
RewriteRule .* - [E=AUTHINFO:%1]
RequestHeader add HTTP_AUTHORIZATION %{AUTHINFO}e env=AUTHINFO

comment:4 Changed 7 years ago by milesparker@…

Thanks for the diagnosis/solution. Unfortunately, I don't have access to my Apache config. Any ideas for working around this issue w/o editing config?

comment:5 Changed 7 years ago by Till <datenrecycling@…>

You could just write the config to an .htaccess file.

Unfortunately, this does not work for the FastCgiConfig, but maybe it is your lucky day and it works.

comment:6 Changed 6 years ago by anonymous

had the same problem while trying to force httpauth to all uris with "format=rss" on trac0.11.2.1 and accountmanager while using fgcid in apache2 and form based auth behind forced ssl.

bottomline: what Till describes above works fine, also with fcgid, just add

PassHeader HTTP_AUTHORIZATION

to the fcgid config

i also use the patch suggested in #3100

i think this should be better documented and closed

comment:7 follow-up: Changed 6 years ago by tch

I had the same issue with WSGI:

Solution -

Add WSGIPassAuthorization On

to your apache config for your site.

comment:8 in reply to: ↑ 7 ; follow-up: Changed 6 years ago by thijs

  • Cc thijs added; anonymous removed

Replying to tch:

I had the same issue with WSGI:

Solution -

Add WSGIPassAuthorization On

to your apache config for your site.

Seems like this, and other suggestions in this ticket, should be documented on the plugin's frontpage, and then it can be closed?

comment:9 in reply to: ↑ 8 Changed 5 years ago by anonymous

Any ideas on how to get around this when using mod_python (No WSGI, FastCGI) etc. I am currently unable to use the Register and Change Password features of the AccountManager due to this.

Also, am I correct in thinking this is linked to 1390? I get the same error message when attempting to log in after having created a new user.

Relevant trac.ini section

[account-manager]
hash_method = HtPasswdHashMethod
password_file = /path/to/htpasswd
password_store = HtPasswdStore

[components]
acct_mgr.admin.accountmanageradminpage = enabled
acct_mgr.api.accountmanager = enabled
acct_mgr.htfile.abstractpasswordfilestore = disabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.notification.accountchangelistener = enabled
acct_mgr.notification.accountchangenotificationadminpanel = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.accountmodule = enabled
acct_mgr.web_ui.emailverificationmodule = disabled
acct_mgr.web_ui.loginmodule = disabled
acct_mgr.web_ui.registrationmodule = enabled
httpauth.* = enabled
trac.web.auth.loginmodule = enabled

comment:10 Changed 5 years ago by mcburn

what is the solution without an apache2?

i try to connect with eclipse/mylin to http://.../trac/login/xmlrpc and i got this msg: Unable to authenticate with repository. Login credentials invalid.

and if i try it with a browser, the login prompt toggled and i have to cancel.

comment:11 follow-up: Changed 5 years ago by daddy.cool.78@…

Having the same problem described here, I couldn't use the solution described. For whatever reason, I always finished with a error 500 on my server.

For the record, I'm using Dreamhost for server and I use a custom python to run the Trac.

For this to work, I added these line in my .htaccess file :

SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

Didn't put them in any <if> or whatever, so I hope it can help some if you ever get on this page. With this config, EclipseWiki integration works. Finally

comment:12 in reply to: ↑ 11 Changed 3 years ago by anonymous

Replying to daddy.cool.78@gmail.com:

Having the same problem described here, I couldn't use the solution described. For whatever reason, I always finished with a error 500 on my server.

For the record, I'm using Dreamhost for server and I use a custom python to run the Trac.

For this to work, I added these line in my .htaccess file :

SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

Didn't put them in any <if> or whatever, so I hope it can help some if you ever get on this page. With this config, EclipseWiki integration works. Finally

Brilliant, thanks for that. Worked perfectly for me on Dreamhost (trying to get it working so it connects to my Zend Studio).

comment:13 Changed 22 months ago by txcraig

  • Owner changed from coderanger to txcraig
  • Status changed from new to assigned

I am adopting this plugin. Looks like there are some documentation updates needed and this can be closed.

Add Comment

Modify Ticket

Action
as assigned The owner will remain txcraig.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.