side by side
lines around each change
Show the changes in full context
White space changes
Jan 8, 2012, 11:29:38 PM (
add SSO setup advise
||force_passwd_change ||True ||Useful only with reset enabled. Randomly generated passwords should be motivation enough to change them, but YMMV.||acct_mgr-0.? ||
See the paragraphs below for a more detailed explanation of some of these settings.
== Advanced configurations ==
=== Password Reset ===
=== Persistent Sessions ===
persistent_sessions = true
will allow users to be remembered across sessions without needing to re-authenticate. This is, a user checks a "Remember Me" checkbox on the [wiki:AccountManagerPlugin/Modules#LoginModule login page] and, next time he visits the site, he'll be remembered.
=== Single Sign On ===
In a setup with multiple Trac environments per domain/host chances are that users want to work with several projects simultaneously. 40 and more environments served by a single Trac install have been reported from private networks as well as seen on the web.
To address the demand for authentication information sharing between some/all of the Trac environments in such a setup a login synchronization process has been introduced for acct_mgr-0.4. It relies on a non-default value for the path of `trac_auth` and `trac_auth_session` cookies. Otherwise the cookie wouldn't be recognized as related to different Trac environments by the web browser client:
auth_cookie_path = /var/www/trac
Hint: Even if this setting has been introduced in Trac 0.12, it could be set in `trac.ini` for older Trac versions, and !AcctMgr will use it, specifically providing a cookie path fix-up for `trac_auth` cookies generated by Trac 0.11 and above.
An inherited trac.ini file is perfect for sharing this common setting and more between several Trac environments. Additionally delete existing `trac_auth` browser cookies. This is a one-time cleanup and only necessary to avoid unexpected login results after a cookie path change. Of course logging out in one Trac environment will terminate the authenticated session for all participants sharing authentication as indicated by the equal cookie path setting. A mixed setup containing both, authentication sharing and non-sharing environments side-by-side is valid an working well.
=== Account Locking ===
* new feature for acct_mgr-0.3
Hosting sponsored by