Modify

Opened 3 years ago

Closed 3 years ago

#9608 closed defect (fixed)

Authentication always fails due to using old, depreciated config option 'password_file'

Reported by: asterix@… Owned by: hasienda
Priority: normal Component: AccountManagerPlugin
Severity: normal Keywords: documentation
Cc: rjollos, otaku42 Trac Release: 0.12

Description

After upgrade to latest version, authentication always fails. I enabled debug log, and I see that in log file:

2011-12-12 23:15:31,131 Trac[htfile] ERROR: acct_mgr: check_password() -- Can't locate password file ""

Here is a part of my trac.ini:

[account-manager]
account_changes_notify_addresses = MY_MAIL
force_passwd_change = true
htpasswd_hash_type = crypt
notify_actions = new,change
password_file = FULL_PATH_TO_passwd
password_store = HtPasswdStore
persistent_sessions = true
refresh_passwd = false

acct_mgr.admin.* = enabled
acct_mgr.api.* = enabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
acct_mgr.web_ui.RegistrationModule = enabled
acct_mgr.htfile.HtPasswdStore = enabled
acct_mgr.web_ui.LoginModule = enabled
trac.web.auth.LoginModule = disabled

I use trac 0.12.2, debian server, apache2, wsgi, TracAccountManager-0.4dev_r10747

Attachments (0)

Change History (9)

comment:1 Changed 3 years ago by asterix@…

I just switch to stable TracAccountManager-0.3.2 and it works

comment:2 Changed 3 years ago by hasienda

  • Keywords documentation added
  • Status changed from new to assigned
  • Summary changed from Authentication always fails to Authentication always fails due to using old, depreciated config option 'password_file'

If you would like to go on, here is how and why: htpasswd_file is the next-gen and password_file is strongly discouraged now (see #4677).

TracIni is your friend and will tell you at least about the new options. And you should read the changelog, especially for the development version, that has these details too:

 * #4677: Admin based chaining HtDigestStore & HtPasswdStore breaks config
   by adding dedicated options 'htdigest_file' and 'htpasswd_file'

I accept this a documentation bug and will follow-up after fixing the appropriate wiki page. Thanks for reporting.

comment:3 Changed 3 years ago by hasienda

  • Cc otaku42 added

edited to give better kick-start as well as up-to-date details module information

Further comments?

comment:4 follow-up: Changed 3 years ago by anonymous

thanks, that works now, except I needed to do a small patch in acct_mgr/web_ui.py, line 48: username -> user:

    username = acctmgr.handle_username_casing(
                        req.args.get('user').strip())

Because the HTML form field name in user, not username.

comment:5 in reply to: ↑ 4 Changed 3 years ago by hasienda

Replying to anonymous:

thanks, that works now,

Glad to hear that, thanks for the feedback.

except I needed to do a small patch in acct_mgr/web_ui.py, line 48: username -> user ... Because the HTML form field name in user, not username.

Hold on, please. We have register.html and admin_users.html, but both have two fields:

username
internal name directly corresponding to sid in Trac sessions
user
Pre-/Surname (Nickname)
Current code still looks good to me. I think you made at least false assumptions on the meaning. Comments?

comment:6 Changed 3 years ago by anonymous

Indeed I see that in the sources. There is maybe something wrong in my sources or configuration. Or maybe it's a problem in TracRecaptchaRegister plugin, but I don't have a username field in my html form (https://trac.gajim.org/register if you want to see)

comment:7 Changed 3 years ago by hasienda

If this is a problem for you, updating your sources should fix it.

Looking at recent change history you must have a copy of one of the 22 revisions starting at the change user -> username in [10288] and right before [10370], where this got fixed specifically for the register.html template. This last revision and anything beyond should be fine.

comment:8 follow-up: Changed 3 years ago by anonymous

I'm already running r10747. But as I said I also use TracRecaptchaRegister plugin, and it's there register form that is used, which doesn't have username field.

comment:9 in reply to: ↑ 8 Changed 3 years ago by hasienda

  • Cc rjollos added
  • Resolution set to fixed
  • Status changed from assigned to closed

Replying to anonymous:

I'm already running r10747. But as I said I also use TracRecaptchaRegister plugin, and it's there register form that is used, which doesn't have username field.

Ok, now we're getting closer. The remaining issue is a duplicate of #9020 for RecaptchaRegisterPlugin.

Fixing the documentation was urgent. But now we're leaving the scope of this plugin, so we can't do anything more, here. Nevertheless I'm interested in solutions, so you may notice my comments on #9020 proposing ways to resolve that issue.

Add Comment

Modify Ticket

Action
as closed The owner will remain hasienda.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.