Force HTTP authentication from within Trac
Allows you to protect certain paths with HTTP authentication. The AccountManagerPlugin is used to check passwords.
Primarily this is meant to be used with the XmlRpcPlugin so it will work while using AccountManager's form-based logins.
If you have any issues, create a new ticket.
Download the zipped source from here.
[components] httpauth.* = enabled
To add additional paths:
[httpauth] paths = /xmlrpc, /login/xmlrpc
To add additional formats, like rss use this:
[httpauth] formats = rss
Authentication issues while using Trac with mod_wsgi
HTTP authentication just does not want to work. The Authorization header is passed with the HTTP request, but it seems to be lost on the way.
If you set the loglevel to INFO, then you will get this entry in your trac.log:
Trac[filter] INFO: HTTPAuthFilter: No/bad authentication data given, returing 403
It is already in Ticket #1169. I've quoted it here, since the solution is hard to find otherwise.
If you're using mod_wsgi, authorization information is stripped before passing to the WSGI application.
Turn WSGIPassAuthorization On in your Apache configuration for it to work.
See also ConfigurationDirectives
-  by txcraig on 2013-02-24 14:55:10
#10881 Added maintainer and maintainer_email setting after adopting HttpAuthPlugin
-  by jun66j5 on 2012-11-29 18:26:08
Fixed broken communication between client on tracd using HTTP/1.1 if sending 401 Unauthorized. Sends Connection: close header in this case.
-  by pacopablo on 2009-10-11 05:07:19
Set Content-Length header. Needed for API change in 0.12.
While not strictly necessary for anything prior to trunk, the change is
still worth while.