Modify

Opened 4 years ago

Closed 2 years ago

#8244 closed defect (invalid)

Disabling trac from force authenticating against Apache http auth

Reported by: h1d Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: needinfo HTTP auth
Cc: Trac Release: 0.12

Description

I want the trac instance to be protected by apache's http auth, which only has a single user/password combination to authenticate against for multiple users yet have different account for each users to log in via this account module but even when I try to turn off the trac's default http auth via 'trac.web.auth.loginmodule = disabled' and enabling account manager plugin, the apache's basic auth still applies and I'm forced to login without having a chance to use the HTML form.

Is there a way to not let trac authenticate users via http auth at all but just rely solely on this account manager plugin?

Attachments (0)

Change History (3)

comment:1 in reply to: ↑ description Changed 4 years ago by hasienda

  • Keywords HTTP added; http removed

First, thanks for your interest in using AccountManagerPlugin with your Trac. Be aware of the recent maintainer change, so not everything has been cleared and settled by now. I.e. I don't favor easy-install over downloading and packaging source manually, but the documentation still refers in a way, that could be mistaken as if I would. And all except trunk branch are hopelessly outdated regarding recent development. I decided to just get some work done not to get distracted by doing releases in the first place. Please read the news flash on plugin's wiki page, to better see my point.

Second, I consider your request a local installation/configuration issue. Even if the wiki is not clear about this (in fact it isn't on most if not all plugins's wiki pages), we think of the ticket system as a tool for development issues and favor the mailing-list for things like your request.

Replying to h1d:

I want the trac instance to be protected by apache's http auth, which only has a single user/password combination to authenticate against for multiple users yet have different account for each users to log in via this account module but even when I try to turn off the trac's default http auth via 'trac.web.auth.loginmodule = disabled' and enabling account manager plugin, the apache's basic auth still applies and I'm forced to login without having a chance to use the HTML form.

I'm quite sure, I don't understand every bit of this paragraph.

  • You're telling me, you want Apache's HTTP auth for Trac but later you expect to use just AcctMgr (below)?
  • Having 'a single user/password combination to authenticate against for multiple users' is like most systems deal with authentication in general, no difference between Apache, Trac and Trac with AcctMgr here.
  • Immediately following statement, that (who?) 'yet have different account for each users to log in' is common sense too.?
  • Turning off Trac's own HTTP auth form has nothing to do with turning off Apaches/any other auth form but that from AcctMgr. See the wiki, especially related what is written about the LoginModule, since I think it has all the information you'll need. (well, RTFM)

Is there a way to not let trac authenticate users via http auth at all but just rely solely on this account manager plugin?

Sure, I do each day. :-) And most probably you'll see as well, that there is no defect regarding this functionality. But technically spoke AcctMgr just extends Trac's authentication (even it's very own auth.LoginModule) and embeds itself into Trac's session management. So it's more Apache vs. AcctMgr+Trac, but certainly not AcctMgr alone in that sense. However you can rely on AcctMgr to do all your user account and password management.

comment:2 Changed 3 years ago by hasienda

  • Keywords needinfo added

Ping. Any comments? Is this answered, your issues resolved, or something still waiting for a fix?

I'd like to see a short comment, even if you're done with it. More hints are appreciated for others with similar problems seeking a solution here later on.

comment:3 Changed 2 years ago by hasienda

  • Resolution set to invalid
  • Status changed from new to closed

You can't have your "trac instance to be protected by apache's http auth" but at the same time "log in via this account module". You shouldn’t attempt to use multiple concurrent ways to login at all, whether depending on the user (choose auth method based on username - as you'd like to have it, if I understand you correctly) or in general.

Well, this is still confusing me a bit. If your difficulties prevail, please read my comments above very carefully, and only if this and running recent AcctMgr version doesn't help, re-open with more unambiguous information on the issue. Thanks for taking care and creating your report anyway.

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.