Ticket #3013 (closed defect: invalid)

Opened 7 months ago

Last modified 7 months ago

make it possible to use Digest-based authentication

Reported by: paul@ororke.com Assigned to: athomas
Priority: normal Component: XmlRpcPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.10

Description

currently, I believe that users are forced to drop back from htdigest to htpasswd due to the following issue. This is a significant inconvenience, especially when many users have entered their passwords in the digest file and when multiple projects are involved.

The following is from http://trac-hacks.org/wiki/XmlRpcPlugin...

Problems with Digest HTTP authentication

The xmlrpclib.ServerProxy? client - as demonstrated in the following examples - will not work with a Digest-based HTTP authentication: you need to set up a Basic HTTP authentication on server side to make the examples work.

If you use the standalone Trac daemon, this means that you cannot use the tracd -a option (htdigest authentication file). Use trac --basic-auth (htpasswd authentication file) instead.

Attachments

Change History

05/11/08 21:11:54 changed by athomas

  • status changed from new to closed.
  • resolution set to invalid.

It's not clear to me what this has to do with XmlRpcPlugin. This is a limitation of the Python XML-RPC client.

05/11/08 22:09:34 changed by paul@ororke.com

ok, I see. thanks for the quick response!

it seems like Python has libraries that would support digest authentication (e.g.,

http://docs.python.org/lib/module-hashlib.html)

also, it seems like there are several people (mostly doing grid computing) with digest authentication in Python xmlrpc clients. I will ping a couple of them in case it might make sense for users of xmlrpcplugin to use an alternative client that can do digest authentication.

Add/Change #3013 (make it possible to use Digest-based authentication)




Change Properties
Action