Changes between Version 7 and Version 8 of CookBook/AccountManagerPluginConfiguration

Jan 8, 2012 11:29:38 PM (3 years ago)

add SSO setup advice


  • CookBook/AccountManagerPluginConfiguration

    v7 v8  
    129129||force_passwd_change ||True ||Useful only with reset enabled. Randomly generated passwords should be motivation enough to change them, but YMMV.||acct_mgr-0.? || 
     131See the paragraphs below for a more detailed explanation of some of these settings. 
    131133== Advanced configurations == 
    132134=== Password Reset === 
     135=== Persistent Sessions === 
     138persistent_sessions = true 
     141will allow users to be remembered across sessions without needing to re-authenticate. This is, a user checks a "Remember Me" checkbox on the [wiki:AccountManagerPlugin/Modules#LoginModule login page] and, next time he visits the site, he'll be remembered. 
     143=== Single Sign On === 
     144In a setup with multiple Trac environments per domain/host chances are that users want to work with several projects simultaneously. 40 and more environments served by a single Trac install have been reported from private networks as well as seen on the web. 
     146To address the demand for authentication information sharing between some/all of the Trac environments in such a setup a login synchronization process has been introduced for acct_mgr-0.4. It relies on a non-default value for the path of `trac_auth` and `trac_auth_session` cookies. Otherwise the cookie wouldn't be recognized as related to different Trac environments by the web browser client: 
     149auth_cookie_path = /var/www/trac 
     151Hint: Even if this setting has been introduced in Trac 0.12, it could be set in `trac.ini` for older Trac versions, and !AcctMgr will use it, specifically providing a cookie path fix-up for `trac_auth` cookies generated by Trac 0.11 and above. 
     153An inherited trac.ini file is perfect for sharing this common setting and more between several Trac environments. Additionally delete existing `trac_auth` browser cookies. This is a one-time cleanup and only necessary to avoid unexpected login results after a cookie path change. Of course logging out in one Trac environment will terminate the authenticated session for all participants sharing authentication as indicated by the equal cookie path setting. A mixed setup containing both, authentication sharing and non-sharing environments side-by-side is valid an working well. 
    133155=== Account Locking === 
    134156 * new feature for acct_mgr-0.3
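
Review bot: In the new Single Sign On section, the example `auth_cookie_path = /var/www/trac` reads like a filesystem directory, while the surrounding text describes it as the path of the `trac_auth` and `trac_auth_session` cookies, which the browser matches against the request URL. Use a value that is clearly the URL prefix common to the sharing environments, and say explicitly that it is a URL path. The closing sentence on mixed setups should also state that non-sharing environments must be served outside that cookie path, because the browser sends the cookies to every URL beneath it. Two wording fixes in the added text: "This is, a user checks" should read "That is, a user checks", and "valid an working well" should read "valid and works well".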