Changes between Version 21 and Version 22 of AccountManagerPlugin/AuthStores


Timestamp:
Jan 9, 2012 7:38:35 PM (3 years ago)
Author:
Dennis McRitchie <dmcr@…>
Comment:

--

  • AccountManagerPlugin/AuthStores

    v21 v22  
    8282Used to delegate authentication to the web server.  This allows access to be restricted based on LDAP, a password file, etc, or some combination of them. 
    8383 
     84Note: If you are using the WSGI Apache interpreter instead of mod_python (pretty much required if using RHEL6), it is difficult to get !HttpAuthStore to work with versions prior to acct_mgr-0.4. Upgrading is recommended. 
     85 
    8486Note: This password store does not support listing/adding/removing users or changing passwords. 
    8587 
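Review bot: The note added at line 84 says !HttpAuthStore is "difficult" to get working under WSGI before acct_mgr-0.4 but does not describe the failure. Because this page warns elsewhere that a misconfigured setup lets users log in with an invalid password, the note should say whether the pre-0.4 WSGI problem rejects all logins or accepts bad ones, so that readers who cannot upgrade know what to test for.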
     
    9193[account-manager] 
    9294; configure the plugin to use a page that is secured with http authentication 
    93 authentication_url = http://hostname/trac/authFile 
     95authentication_url = /authFile 
    9496password_store = HttpAuthStore 
    9597}}} 
     98Note: Only absolute URLs are supported in acct_mgr-0.3. 
    9699 
    97100This will generally be matched with an Apache config like: 
    98101{{{ 
    99 <Location /trac/authFile> 
     102<Location /authFile> 
    100103   …HTTP authentication configuration… 
    101104   Require valid-user 
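Review bot: The example at line 95 now uses the relative form authentication_url = /authFile, but the caveat that acct_mgr-0.3 supports only absolute URLs sits after the closing }}} at line 98, where someone copying the block will miss it. Move the note above the block or keep the absolute form as a commented alternative for 0.3 users. It would also help to say which scheme and host the relative path is resolved against, since that decides which Apache virtual host and Location section performs the check.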
     
    106109[account-manager] 
    107110; configure the plugin to use a page that is secured with http authentication 
    108 authentication_url = http://hostname/trac/project1/authFile 
     111authentication_url = /project1/authFile 
    109112password_store = HttpAuthStore 
    110113}}} 
     114Note: Only absolute URLs are supported in acct_mgr-0.3. 
    111115 
    112116This could then be matched with an Apache config like: 
    113117{{{ 
    114 <LocationMatch ^/trac/[^/]+/authFile$> 
     118<LocationMatch ^/[^/]+/authFile$> 
    115119   …HTTP authentication configuration… 
    116120   Require valid-user 
    117121</Location> 
    118122}}} 
    119 Note that '''authFile''' must exist, and be a file (not directory) that can be accessed via ''authentication_url''. 
    120  
    121 '''IMPORTANT:''' Be sure to test your configuration by attempting a login with a valid user and '''invalid''' password to ensure that your Apache <Location> or <!LocationMatch> section is getting executed. If it is not, you will be able to log in with an invalid password. 
     123Note that, new with acct_mgr-0.4, '''authFile''' no longer needs to actually exist, nor be a file (not directory) that can be accessed via ''authentication_url''. 
     124 
     125'''IMPORTANT:''' Be sure to test your configuration by attempting a login with a valid user, and both a valid and '''invalid''' password to ensure that your Apache <Location> or <!LocationMatch> section is getting executed. If it is not, you will be able to log in with an invalid password. 
     126 
     127Note: If you are having trouble getting !HttpAuthStore to work, enable DEBUG-level logging, and check for HttpAuthStore messages in your project's Trac log file. 
    122128 
    123129== !SessionStore ==
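Review bot: The LocationMatch block whose opening line is edited at line 118 is still closed with </Location> at line 121; the closing tag should be </LocationMatch> so the snippet can be pasted as-is. The reworded sentence at line 123 is also hard to parse ("no longer needs to actually exist, nor be a file (not directory) that can be accessed"): say directly what acct_mgr-0.4 does require of the authentication_url path, since the IMPORTANT test at line 125 is the only remaining check that the Apache section is being applied.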