[[PageOutline(2-5,Contents,pullout)]] == !AccountManager == '''Package''':: acct_mgr.api This holds core code of this plugin. This component ''must'' be enabled to use any of the other components. Additionally one or more sources for storing authentication information are required: * !PasswordFileStores * [wiki:AccountManagerPlugin/AuthStores#HtDigestStore HtDigestStore] * [wiki:AccountManagerPlugin/AuthStores#HtPasswdStore HtPasswdStore] * [wiki:AccountManagerPlugin/AuthStores#HttpAuthStore HttpAuthStore] * [wiki:AccountManagerPlugin/AuthStores#SessionStore SessionStore] * [wiki:AccountManagerPlugin/AuthStores#SvnServePasswordStore SvnServePasswordStore] There's even some information on how to get not-yet-implemented [wiki:AccountManagerPlugin/AuthStores#LDAP LDAP authentication]. ---- == !AccountManagerAdminPage == '''Package''':: acct_mgr.admin This component adds new pages to the trac:WebAdmin section for managing user accounts: * admin/accounts/config - basic configuration, i.e. !AuthStore activation and ordering * ''admin/accounts/details'' - upcoming * admin/accounts/notification - !AccountManager change notification settings * admin/accounts/users - user account listing with some management functions, i.e. add/delete accounts, change password, etc. It requires the `TRAC_ADMIN` permission to access.[[BR]] '''Update:''' A more granular set of permissions has been introduced with changeset [9280] and TRAC_ADMIN is not required anymore. [[Image(AccountManagerPlugin:account-manager-admin.png)]] === Configuration === {{{ #!cfg [components] acct_mgr.admin.AccountManagerAdminPage = enabled }}} === Compatibility === requires Trac >= 0.10 ---- == !AccountModule == '''Package''':: acct_mgr.web_ui Allows users to change their password, or delete their account. When logged in it will appear as a tab “Account” after clicking the “Preferences” link. [[Image(AccountManagerPlugin:my-account.png)]] === Configuration === {{{ #!cfg [components] acct_mgr.web_ui.AccountModule = enabled }}} '''Since Trac 0.10:''' When used in combination with the [wiki:AccountManagerPlugin#LoginModule LoginModule] it adds a link to the login page “Forgot your password?” where users can reset their password if they’ve forgotten it. You will need to have your SMTP server information configured in your {{{trac.ini}}} for the “Forgot your password?” link to show up and enable !AccountChangeListener: {{{ #!cfg [components] acct_mgr.notification.accountchangelistener = enabled }}} To disable just the password reset functionality add the following line to the {{{[account-manager]}}} section: {{{ #!cfg [account-manager] reset_password = False }}} [[Image(reset-password.png)]] '''Since Trac 0.11:''' When a user resets their password they will be required to change their password on the next successful login. This can be disabled via the `trac.ini` by setting: {{{ #!cfg [account-manager] force_passwd_change = false }}} ---- == !LoginModule == '''Package''':: acct_mgr.web_ui Allows users to login via a HTML form instead of using HTTP authentication. [[Image(AccountManagerPlugin:login-form.png)]] A major re-design is planned and already in testing for `trunk`, [attachment:ticket:6821:20101024_acct_mgr-login_real-re-design.png preview available]. === Configuration === To use the AccountManager’s HTML form, you need to explicitly disable Trac's own HTTP authentication module. To do so add this your trac.ini or find and modify existing lines accordingly: {{{ #!cfg [components] acct_mgr.web_ui.LoginModule = enabled trac.web.auth.LoginModule = disabled }}} When using the [trac:TracStandalone tracd] server be sure '''not''' to use the `--auth` or `--basic-auth` options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use AccountManagerPlugin's HTML form. If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like: {{{ # Some options like AuthType and AuthUserFile Require valid-user }}} Deleting or commenting the `Require valid-user` line should be sufficient to disable HTTP authentication. After you’ve tested it, you can probably delete or comment out the rest of the authentication options. In some pre-bundled packages as Bitnami Trac you will find it inside an apache configuration extension as trac.conf (!BitnamiTrac\trac\conf\trac.conf) === Compatibility === requires Trac >= 0.10 To use this module with [trac:TracStandalone tracd] stand-alone server you'll need Trac 0.10 or later version, or an external webserver such as Apache. ---- == !AccountGuard == '''Package''':: acct_mgr.guard upcoming in `trunk` - add administrative account locking to protect against brute-force attacks on user passwords ---- == !RegistrationModule == '''Package''':: acct_mgr.web_ui Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link. [[Image(AccountManagerPlugin:register.png)]] === Configuration === {{{ #!cfg [components] acct_mgr.web_ui.RegistrationModule = enabled }}} {{{ #!div class="important" '''Warning:''' You must enable one of the [wiki:AccountManagerPlugin/AuthStores password storage modules] for the Registration Module to work. }}} '''Note:''' You must not enable `ignore_auth_case` in `trac.ini` as otherwise this module won’t work. [''Update:'' This doesn't apply to `trunk` branch anymore. Use a revision at changeset [9286] or later to lift this limitation.] ---- == !EmailVerificationModule == '''Package''':: acct_mgr.web_ui If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address: === Configuration === {{{ #!cfg [components] acct_mgr.web_ui.EmailVerificationModule = enabled }}} Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of ''authenticated'' users). ''Update:'' After changeset [9304] ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure. This '''has been added as a strict requirement now''' as suggested by ticket #5509 to `trunk` code with changeset [9277], but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions. Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option {{{ #!cfg [account-manager] verify_email = false }}} for switching this off easily, to restore the old behavior of AccountManagerPlugin by default, is available since changeset [9304] as well.