Changes between Version 21 and Version 22 of AccountManagerPlugin/AuthStores


Ignore:
Timestamp:
Jan 9, 2012, 7:38:35 PM (3 years ago)
Author:
Dennis McRitchie <dmcr@…>
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • AccountManagerPlugin/AuthStores

    v21 v22  
    8282Used to delegate authentication to the web server.  This allows access to be restricted based on LDAP, a password file, etc, or some combination of them.
    8383
     84Note: If you are using the WSGI Apache interpreter instead of mod_python (pretty much required if using RHEL6), it is difficult to get !HttpAuthStore to work with versions prior to acct_mgr-0.4. Upgrading is recommended.
     85
    8486Note: This password store does not support listing/adding/removing users or changing passwords.
    8587
     
    9193[account-manager]
    9294; configure the plugin to use a page that is secured with http authentication
    93 authentication_url = http://hostname/trac/authFile
     95authentication_url = /authFile
    9496password_store = HttpAuthStore
    9597}}}
     98Note: Only absolute URLs are supported in acct_mgr-0.3.
    9699
    97100This will generally be matched with an Apache config like:
    98101{{{
    99 <Location /trac/authFile>
     102<Location /authFile>
    100103   …HTTP authentication configuration…
    101104   Require valid-user
     
    106109[account-manager]
    107110; configure the plugin to use a page that is secured with http authentication
    108 authentication_url = http://hostname/trac/project1/authFile
     111authentication_url = /project1/authFile
    109112password_store = HttpAuthStore
    110113}}}
     114Note: Only absolute URLs are supported in acct_mgr-0.3.
    111115
    112116This could then be matched with an Apache config like:
    113117{{{
    114 <LocationMatch ^/trac/[^/]+/authFile$>
     118<LocationMatch ^/[^/]+/authFile$>
    115119   …HTTP authentication configuration…
    116120   Require valid-user
    117121</Location>
    118122}}}
    119 Note that '''authFile''' must exist, and be a file (not directory) that can be accessed via ''authentication_url''.
    120 
    121 '''IMPORTANT:''' Be sure to test your configuration by attempting a login with a valid user and '''invalid''' password to ensure that your Apache <Location> or <!LocationMatch> section is getting executed. If it is not, you will be able to log in with an invalid password.
     123Note that, new with acct_mgr-0.4, '''authFile''' no longer needs to actually exist, nor be a file (not directory) that can be accessed via ''authentication_url''.
     124
     125'''IMPORTANT:''' Be sure to test your configuration by attempting a login with a valid user, and both a valid and '''invalid''' password to ensure that your Apache <Location> or <!LocationMatch> section is getting executed. If it is not, you will be able to log in with an invalid password.
     126
     127Note: If you are having trouble getting !HttpAuthStore to work, enable DEBUG-level logging, and check for HttpAuthStore messages in your project's Trac log file.
    122128
    123129== !SessionStore ==