wiki:AccountManagerPlugin

Version 72 (modified by k0s, 5 years ago) (diff)

--

Account Manager Plugin

Description

The AccountManagerPlugin offers several features for managing user accounts:

  • allow users to register new accounts
  • login via an HTML form instead of using HTTP authentication
  • allow existing users to change their passwords or delete their accounts

These features are new in the plugin for Trac 0.10.

  • send a new password to users who’ve forgotten their password
  • administration of user accounts

Bugs/Feature Requests

Existing bugs and feature requests for AccountManagerPlugin are here.

If you have any issues, create a new ticket.

Install

First make sure you’ve installed setuptools. Make sure you have a version >= 0.6c9, since previous versions contain a bug which makes the installation fail.

Then you can install the plugin using the easy_install application.

Note: Windows users will need to add easy_install to their PATH.

For Trac 0.9:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.9

For Trac 0.10:

Install the trac:WebAdmin plugin.

Then install this plugin:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.10

For Trac 0.11 (doesn't currently work with 0.11.4, see #4125):

easy_install http://trac-hacks.org/svn/accountmanagerplugin/0.11

For Trac 0.12:

easy_install http://trac-hacks.org/svn/accountmanagerplugin/trunk

If you are using the tracd standalone server you will need to restart it to detect the plugin.

Source

Browse the source

Subversion Checkout (depends on your Trac version):

svn co http://trac-hacks.org/svn/accountmanagerplugin/0.9
svn co http://trac-hacks.org/svn/accountmanagerplugin/0.10
svn co http://trac-hacks.org/svn/accountmanagerplugin/0.11
svn co http://trac-hacks.org/svn/accountmanagerplugin/trunk

Downloads:

Components

In order to use the features of the AccountManager you will need to enable some or all of its components.

The easiest way to enable the components is via the trac:WebAdmin plugin. Users logged in with the TRAC_ADMIN permission will be able to manage the enabled components:

screenshot of components web admin

Components can also be enabled or disabled in the trac.ini file under the [components] section. For example to enable the login form and disable user registration:

[components]
trac.web.auth.LoginModule = disabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.web_ui.RegistrationModule = disabled

The available components are described below.

AccountManager

Package
acct_mgr.api

This is the core of this plugin. This component must be enabled to use any of the other components.

HtDigestStore

Package
acct_mgr.htfile

Used to store passwords in the htdigest file format.

Warning: This password method may not work with mod_python due to a bug using Python’s md5 module under mod_python ("it has been reported that mod_python has trouble returning good MD5 strings. It has been speculated that this is because many apache mods are using the same md5 source (php and so forth), but this is not confirmed"). If you experience problems try FastCGI, mod_wsgi, or tracd.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtDigestStore = enabled

[account-manager]
; configure the plugin to store passwords in the htdigest format:
password_store = HtDigestStore
; with Trac < 0.10 use this instead:
password_format = htdigest

; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htdigest

; the name of the authentication “realm”
; it can be any text to identify your site or project
htdigest_realm = TracRealm

HtPasswdStore

Package
acct_mgr.htfile

Used to store passwords in the htpasswd file format.

Warning: This password method may not work with mod_python due to a bug using Python’s md5 module under mod_python. If you experience problems try FastCGI, mod_wsgi, or tracd.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtPasswdStore = enabled

[account-manager]
; configure the plugin to store passwords in the htpasswd format:
password_store = HtPasswdStore
; with Trac < 0.10 use this instead:
password_format = htpasswd

; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htpasswd

HttpAuthStore

Package
acct_mgr.http

Note: This component requires Trac 0.10 or later

Used to delegate authentication to the web server. This allows access to be restricted based on LDAP, a password file, etc, or some combination of them.

Note: This password store does not support listing/adding/removing users or changing passwords.

[components]
; be sure to enable the component
acct_mgr.http.HttpAuthStore = enabled

[account-manager]
; configure the plugin to use a page that is secured with http authentication
authentication_url = http://hostname/path
password_store = HttpAuthStore

This will generally be matched with an Apache config like:

<Directory /var/www/html/path>
   …HTTP authentication configuration…
   Require valid-user
</Directory>

LDAP

Check LDAPAuthStore and LdapAuthStorePlugin regarding how to link LdapPlugin to AccountManagerPlugin.

SessionStore

Package
acct_mgr.db

Stores password information in the trac database. This may give better behaviour if you have large numbers of users and are finding errors due to write contention on the password file. You must enable one or other of the hash method components. HtDigestHashMethod is the default.

[components]
; be sure to enable the component
acct_mgr.db.SessionStore = enabled
; choose one of the hash methods
acct_mgr.pwhash.htdigesthashmethod = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
trac.web.auth.loginmodule = disabled #this is important, otherwise login does not work. ref: http://www.gossamer-threads.com/lists/trac/users/41969

[account-manager]
password_store = SessionStore
; choose one of the hash methods
hash_method = HtDigestHashMethod
hash_method = HtPasswdHashMethod

For more information see:

http://www.mailinglistarchive.com/trac-users@googlegroups.com/msg03696.html

SvnServePasswordStore

Package
acct_mgr.svnserve

Allows Trac to use SVN users (may be in addition to Trac users). SVN server configuration option should be "svnserve". For more information, read chapter 6 of SVN book.

[components]
; be sure to enable the component
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = enabled
; choose one of the hash methods
acct_mgr.pwhash.htdigesthashmethod = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled

[account-manager]
password_store = SvnServePasswordStore
password_file = /path/to/svn/repos/conf/passwd
; choose one of the hash methods
hash_method = HtDigestHashMethod
hash_method = HtPasswdHashMethod

NB : password_file points to a file which defines users/passwords this way : user = password

AccountManagerAdminPage

Package
acct_mgr.admin

Note: This component requires Trac 0.10 or later

This component adds a new page to the trac:WebAdmin section for managing user accounts. It requires the TRAC_ADMIN permission to access.

[components]
acct_mgr.admin.AccountManagerAdminPage = enabled

screenshot of account administration

AccountModule

Package
acct_mgr.web_ui

Allows users to change their password, or delete their account. When logged in it will appear as a tab “Account” after clicking the “Preferences” link.

[components]
acct_mgr.web_ui.AccountModule = enabled

New for Trac 0.10: When used in combination with the LoginModule it adds a link to the login page “Forgot your password?” where users can reset their password if they’ve forgotten it. You will need to have your SMTP server information configured in your trac.ini for the “Forgot your password?” link to show up.

New for Trac 0.11: When a user resets their password they will be required to change their password on the next successful login. This can be disabled via the trac.ini by setting force_passwd_change = false.

LoginModule

Package
acct_mgr.web_ui

Warning: this module is not supported using the tracd stand-alone server on Trac 0.9. It either needs Trac 0.10 or later, or an external webserver such as Apache.

Allows users to login via a HTML form instead of using HTTP authentication.

screenshot of login form

Disable HTTP authentication

To use the AccountManager’s form-based login system instead, add this to the [components] section of your trac.ini:

trac.web.auth.LoginModule = disabled 

When using the tracd server be sure not to use the --auth or --basic-auth options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use the HTML form.

If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like:

<Location /trac/login>
   # Some options like AuthType and AuthUserFile
   Require valid-user
</Location>

Deleting or commenting the Require valid-user line should be sufficient to disable HTTP authentication. After you’ve tested it you can probably delete or comment out the rest of the authentication options.

RegistrationModule

Package
acct_mgr.web_ui

Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.

[components]
acct_mgr.web_ui.RegistrationModule = enabled

screenshot of registration page

Warning: You must enable one of the above password storage modules for the Registration Module to work. Note: You must not enable ignore_auth_case in trac.ini as otherwise this module won’t work.

Post Setup/Configuration

In order to use the Account Manager plugin, while logged in as a user with TRAC_ADMIN rights, use the new “Admin” link on the menubar.

Once in, you might want to enable the permissions to allow the “authenticated” user group permissions. For instance, if you remove the anonymous group from TICKET_MODIFY, and WIKI_MODIFY, and add the “authenticated” group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.

Author/Contributors

Author: mgood
Maintainer: pacopablo
Contributors: crocea, s0undt3ch

TagIt(plugin,mgood,alpha,0.9)?

Attachments (9)

Download all attachments as: .zip