[patch] Add a RadiusAuthStore to AccountManagerPlugin
|Reported by:||chris@…||Owned by:||hasienda|
|Severity:||normal||Keywords:||needinfo radius authentication|
|Cc:||chris@…, rjollos||Trac Release:||0.11|
We use Trac in an enterprisey environment at NASA HQ that uses RSA two-factor token authentication. We'd like Trac to be able to authenticate against it, over it's RADIUS protocol interface. RADIUS is frequently used by ISP and network access systems (e.g., WiFi routers) so is likely to be available in larger shops.
I've tried mod_auth_radius in Apache, and that works, except that:
- Sessions never timeout despite the setting of the expiration value in mod_auth_radius, unless we protect the entire site so the RADIUS cookie is 'visible'
- we can't support sites with anonymous and authenticated users with session timeouts since auth protects only the /login URL which is never returned to once authenticated.
So I've written an addition to AccountManagerPlugin (trunk) which allows you to authenticate from within Trac to a RADIUS server. I'm still testing but it seems to work.
It relies on the 'pyrad' library which is available on PyPi, so I've included that in the setup.py install_requires setting. I'm unaware of a less-intrusive way to do this.
Do you want this code, and if so, how should I integrate it with yours?
Right now I'm developing it on GitHub:
Change History (10)
Changed 3 years ago by chris@…
comment:1 Changed 3 years ago by chris@…
- Owner changed from mgood to anonymous
- Status changed from new to assigned
- Summary changed from Adding RADIUS auth to AccountManagerPlugin (running code) to [PATCH] Adding RADIUS auth to AccountManagerPlugin
comment:4 Changed 3 years ago by hasienda
- Summary changed from [PATCH] Adding RADIUS auth to AccountManagerPlugin to [PATCH] Add a RadiusAuthStore to AccountManagerPlugin
comment:5 Changed 3 years ago by hasienda
- Owner changed from anonymous to hasienda
- Status changed from assigned to new
- Summary changed from [PATCH] Add a RadiusAuthStore to AccountManagerPlugin to [patch] Add a RadiusAuthStore to AccountManagerPlugin