Wiki Navigation

← Previous Change
Page History
Next Change →

Changes between Version 2 and Version 3 of InfoCardAccountPlugin

Author:: anonymous (IP: 0.0.0.0)
Timestamp:: 12/07/07 22:53:10 (5 years ago)
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

InfoCardAccountPlugin

v2	v3
5	5	== Abstract ==
6	6
7		This extension allows [http://en.wikipedia.org/wiki/Windows_CardSpace Information Cards] to be associated with existing accounts and then used as an authentication mechanism to a Trac system.
8
9		=== License ===
10		The extension is distributed to you under the [http://www.gnu.org/licenses/lgpl.html lgpl], please note that it includes works copyrighted by others and released under permissive licenses such as [http://en.wikipedia.org/wiki/BSD_licenses BSD], [http://en.wikipedia.org/wiki/Beerware Beerware] and the [http://trac.edgewall.com/license.html Trac license].
11
12		== Requirements ==
13
14		This plugin works with Trac 0.11.[[BR]]
15
16		Some form of Python xml with dom and xpath support, tested with [http://pyxml.sourceforge.net/ pyxml]
17
18		[http://chandlerproject.org/Projects/MeTooCrypto m2crypto] as an python wrapper to [http://www.openssl.org/ openssl] which must also be installed. m2crypto also requires [http://www.swig.org/Doc1.3/Python.html SWIG]
19
20		Systems running python older than 2.5 require [http://code.krypto.org/python/hashlib/ hashlib]
21
22		If you use the LDAP user store module then the [http://python-ldap.sourceforge.net/ Python LDAP] module is required.
23
24		To create and install an egg file you need to have a recent version of [http://peak.telecommunity.com/DevCenter/setuptools setuptools]
25		installed.[[BR]]Please refer to the [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] page for additional information about plugin installation.
26
27		== Download ==
28
29		* Source code is available from https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11
30
31		== Installation ==
32		{{{
33		easy_install https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11
34		}}}
35		* Configure the plugin (see Configuration below)
36		* Use trac-admin-acct to initialize the association store and optionally the user store.
37
38		== Configuration ==
39
40		You need to customize the `trac.ini` file of your project, following the instructions below[[BR]]
41		1. Optionally add the path to your plugin directory.
42		1. Enable `account-manager` and `infocard_acct` in `[components]` section, so that the Trac engine loads and uses this extension.
43		1. Configure account-manager.
44		1. Create a new section `[infocard_acct]` in the .ini file
45
46		==== Enable components ====
47		To properly enable plugin you must disable trac and account manager's LoginModules, and enable AccountManagerPlugin and InfoCardAccountPlugin components In the `[components]` section of trac.ini:
48
49		{{{
50		[components]
51		trac.web.auth.LoginModule = disabled
52		acct_mgr.*=enabled
53		acct_mgr.web_ui.LoginModule=disabled
54		infocard_acct.* = enabled
55		}}}
56
57		For complete details on configuring the AccountManagerPlugin please visit AccountManagerPlugin. The InfoCardAccountPlugin adds two new password stores, TracDBUserStore and LDAPUserStore which are enabled as follows:
58
59		{{{
60		[account-manager]
61		#any password store supported by acct-mgr including TracDBUserStore and LDAPUserStore
62		password_store = LDAPUserStore
63		}}}
64
65		If you use the LDAPUserStore then the following options are supported in the `[ldap_user_store]` section:
66
67		{{{
68		[ldap_user_store]
69		#any ldap query url it's usage matches the authldapurl from mod_ldap in apache
70		#http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl
71		url = ldaps://bandit-project.org/ou=people,dc=wag,dc=bandit-project,dc=org?uid?sub?(objectClass=inetOrgPerson)
72
73		# If your ldap server requires authentication to search for users, please provide that name and password
74		#bind_user =
75		#bind_password =
76
77		}}}
	7	This extension allows [http://en.wikipedia.org/wiki/Windows_CardSpace Information Cards] to be associated with existing accounts and then used as an authentication mechanism to a Trac system.
78	8
79	9
80		The InfoCardAccountPlugin configuration section `[infocard_acct]` supports the following:
81		{{{
82		[infocard_acct]
83		#file path to the server's ssl key, required to properly decrypt and validate security tokens
84		private_key_path = /etc/ssl/private/server.key.unsecure
85		#if the ssl key file requires a pass phrase, please supply that here
86		#private_key_pass_phrase = ifItoldYouItWouldBeBad
87		#Currently only TracDBAssociationStore is supported
88		association_store = TracDBAssociationStore
89		#Optional setting to display a debug page after accepting a security token
90		debug = False
91		}}}
	10	The home for the plugin including demos, downloads and documentation is [https://code.bandit-project.org/trac/wiki/InfoCardAcctPlugin here.]
92	11
93
94		~~== trac-admin-acct ==~~
95		This is a configuration tool similar to [http://trac.edgewall.org/wiki/TracAdmin trac-admin]. Before the InfoCardAccountPlugin is fully functional, the configuration tool must be run with at least the initenv card option.
96
97		~~{{{~~
98		~~trac-admin-acct /var/trac/rpset initenv card~~
99		~~}}}~~
100
101		~~==== usage ====~~
102		~~trac-admin-acct supports both command line and interactive modes.~~
103
104		~~===== interactive usage =====~~
105		~~For a list of options supported by trac-admin-acct, start the tool giving it the path to the trac [http://trac.edgewall.org/wiki/TracEnvironment environment] and type help.~~
106
107		~~{{{~~
108		~~trac-admin-acct /var/trac/rpset~~
109		~~>help~~
110		~~}}}~~
111
112		~~===== command line usage =====~~
113
114		~~{{{~~
115		~~Usage: trac-admin-acct </path/to/projenv> [command [subcommand] [option ...]]~~
116
117		~~Invoking trac-admin-acct without command starts interactive mode.~~
118		~~help~~
119		~~-- Show documentation~~
120
121		~~initenv~~
122		~~-- create all the database tables for infocard account manager~~
123
124		~~initenv user~~
125		~~-- create just the user / passwordhash table~~
126
127		~~initenv card~~
128		~~-- create just the cardkey association table~~
129
130		~~cleanenv~~
131		~~-- delete all the database tables for infocard account manager~~
132
133		~~cleanenv user~~
134		~~-- delete just the user / passwordhash table~~
135
136		~~cleanenv card~~
137		~~-- delete just the cardkey association table~~
138
139		~~user list~~
140		~~-- Show user~~
141
142		~~user add <name> <clear text password>~~
143		~~-- Add user~~
144
145		~~user rename <name> <newname>~~
146		~~-- Rename user~~
147
148		~~user remove <name>~~
149		~~-- Remove user (leaves permissions etc.~~
150		~~}}}~~
151
152		~~== Gory Details ==~~
153		~~=== Account Associations ===~~
154		~~=== LDAPUserStore ===~~
155
156		~~== Known limitations ==~~
157		~~[https://woof.bandit-project.org/code/rpset/report/1 Tickets]~~
158
159		~~== !ToDo list ==~~
160
161		~~[https://woof.bandit-project.org/code/rpset/report/1 Tickets]~~
162
163		~~== Testing ==~~
164		In addition to the unit tests and developer tests run this was also part of an [http://osis.netmesh.org/ OSIS] [http://osis.netmesh.org/wiki/I2-Barcelona interop] event, all issues identified at that event have been resolved.
165
166		~~Testing has been primarily on [http://opensuse.org opensuse] versions of Linux.~~
167
168		~~== History ==~~
169
170		* '''v0.1''': First crack at extending the AccountManagerPlugin to support LDAP and the Trac database as user stores, and accept Information Cards as an authentication mechanism from any user store.
171
172	12	== Author/Contributors ==
173	13