Ability to provide whitelist of OpenIDs
|Reported by:||ross.fenning@…||Owned by:||dalius|
|Severity:||normal||Keywords:||user, users, whitelist, security|
When using HTTP authentication, it was perfectly possible to manage the htpasswd file in Apache as I wished and only allow logins to specific people. I've not enabled OpenID and disabled the original login mechanism and, as far as I can see, this has now opened up my Trac to anyone with an OpenID.
Is there a way to allow only a given list of OpenIDs? I've looked around for a good hour and couldn't quite find it if it can be done. If it cannot be done, I'd like to request this as a feature.
Change History (10)
comment:6 Changed 6 years ago by michela
- Resolution fixed deleted
- Status changed from closed to reopened
- Type changed from enhancement to defect
comment:8 follow-up: ↓ 9 Changed 6 years ago by dalius
- Resolution set to fixed
- Status changed from reopened to closed