id,summary,reporter,owner,description,type,status,priority,component,severity,resolution,keywords,cc,release
6788,[patch] Add a RadiusAuthStore to AccountManagerPlugin,chris@koansys.com,hasienda,We use Trac in an enterprisey environment at NASA HQ that uses RSA two-factor token authentication.  We'd like Trac to be able to authenticate against it_ over it's RADIUS protocol interface. RADIUS is frequently used by ISP and network access systems (e.g._ WiFi routers) so is likely to be available in larger shops.\r\n\r\nI've tried mod_auth_radius in Apache_ and that works_ except that:\r\n\r\n * Logout doesn't work (without the JavaScript hacks to clear the browser auth cache)\r\n * Sessions never timeout despite the setting of the expiration value in mod_auth_radius_ unless we protect the entire site so the RADIUS cookie is 'visible'\r\n * we can't support sites with anonymous and authenticated users with session timeouts since auth protects only the /login URL which is never returned to once authenticated.\r\n\r\nSo I've written an addition to AccountManagerPlugin (trunk) which allows you to authenticate from within Trac to a RADIUS server.  I'm still testing but it seems to work.  \r\n\r\nIt relies on the 'pyrad' library which is available on PyPi_ so I've included that in the setup.py install_requires setting. I'm unaware of a less-intrusive way to do this. \r\n\r\nDo you want this code_ and if so_ how should I integrate it with yours?\r\n\r\nRight now I'm developing it on GitHub:\r\n\r\nhttp://github.com/shentonfreude/AccountManagerPlugin_radius,enhancement,new,normal,AccountManagerPlugin,normal,,needinfo radius authentication,chris@koansys.com_ rjollos,0.11