Changes between Version 2 and Version 3 of InfoCardAccountPlugin


Timestamp: Dec 7, 2007, 10:53:10 PM (7 years ago)
Author: anonymous
Comment:

--

  • InfoCardAccountPlugin

    v2 v3  
    55== Abstract ==
    66
    7 This extension allows [http://en.wikipedia.org/wiki/Windows_CardSpace Information Cards] to be associated with existing accounts and then used as an authentication mechanism to a Trac system.   
    8 
    9 === License ===
    10 The extension is distributed to you under the [http://www.gnu.org/licenses/lgpl.html lgpl], please note that it includes works copyrighted by others and released under permissive licenses such as [http://en.wikipedia.org/wiki/BSD_licenses BSD], [http://en.wikipedia.org/wiki/Beerware Beerware] and the [http://trac.edgewall.com/license.html Trac license].
    11 
    12 == Requirements ==
    13 
    14 This plugin works with Trac 0.11.[[BR]]
    15 
    16 Some form of Python xml with dom and xpath support, tested with [http://pyxml.sourceforge.net/ pyxml]
    17 
    18 [http://chandlerproject.org/Projects/MeTooCrypto m2crypto] as an python wrapper to [http://www.openssl.org/ openssl] which must also be installed.  m2crypto also requires [http://www.swig.org/Doc1.3/Python.html SWIG]
    19 
    20 Systems running python older than 2.5 require [http://code.krypto.org/python/hashlib/ hashlib]
    21 
    22 If you use the LDAP user store module then the [http://python-ldap.sourceforge.net/ Python LDAP] module is required.
    23 
    24 To create and install an egg file you need to have a recent version of [http://peak.telecommunity.com/DevCenter/setuptools setuptools]
    25 installed.[[BR]]Please refer to the [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] page for additional information about plugin installation.
    26 
    27 == Download ==
    28  
    29  * Source code is available from https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11
    30 
    31 == Installation ==
    32 {{{
    33    easy_install https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11
    34 }}}
    35  * Configure the plugin (see Configuration below)
    36  * Use trac-admin-acct to initialize the association store and optionally the user store.
    37 
    38 == Configuration ==
    39 
    40 You need to customize the `trac.ini` file of your project, following the instructions below[[BR]]
    41  1. Optionally add the path to your plugin directory.
    42  1. Enable `account-manager` and `infocard_acct` in `[components]` section, so that the Trac engine loads and uses this extension.
    43  1. Configure account-manager.
    44  1. Create a new section `[infocard_acct]` in the .ini file
    45 
    46 ==== Enable components ====
    47 To properly enable plugin you must disable trac and account manager's LoginModules, and enable AccountManagerPlugin and InfoCardAccountPlugin components   In the `[components]` section of trac.ini:
    48 
    49 {{{
    50 [components]
    51 trac.web.auth.LoginModule = disabled
    52 acct_mgr.*=enabled
    53 acct_mgr.web_ui.LoginModule=disabled
    54 infocard_acct.* = enabled
    55 }}}
    56 
    57 For complete details on configuring the AccountManagerPlugin please visit AccountManagerPlugin.  The InfoCardAccountPlugin adds two new password stores, TracDBUserStore and LDAPUserStore which are enabled as follows:
    58 
    59 {{{
    60 [account-manager]
    61 #any password store supported by acct-mgr including TracDBUserStore and LDAPUserStore
    62 password_store = LDAPUserStore   
    63 }}}
    64 
    65 If you use the LDAPUserStore then the following options are supported in the `[ldap_user_store]` section:
    66 
    67 {{{
    68 [ldap_user_store]
    69 #any ldap query url it's usage matches the authldapurl from mod_ldap in apache
    70 #http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl
    71 url = ldaps://bandit-project.org/ou=people,dc=wag,dc=bandit-project,dc=org?uid?sub?(objectClass=inetOrgPerson)
    72 
    73 # If your ldap server requires authentication to search for users, please provide that name and password
    74 #bind_user =
    75 #bind_password =
    76 
    77 }}}
     7This extension allows [http://en.wikipedia.org/wiki/Windows_CardSpace Information Cards] to be associated with existing accounts and then used as an authentication mechanism to a Trac system. 
    788
    799
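Review bot: v2 lines 9-10, the License subsection, are removed along with Requirements, Installation and Configuration, so the v3 page no longer states that the plugin is LGPL or that it includes BSD, Beerware and Trac-licensed work; keep that paragraph on this page even if the rest moves. The same removal takes out the `[components]` block at v2 lines 50-54, the only place that says `trac.web.auth.LoginModule` and `acct_mgr.web_ui.LoginModule` must both be disabled, so confirm the page linked from v3 line 10 carries it before this lands. v3 line 7 differs from v2 line 7 only in whitespace.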
    80 The InfoCardAccountPlugin configuration section `[infocard_acct]` supports the following:
    81 {{{
    82 [infocard_acct]
    83 #file path to the server's ssl key, required to properly decrypt and validate security tokens
    84 private_key_path = /etc/ssl/private/server.key.unsecure
    85 #if the ssl key file requires a pass phrase, please supply that here
    86 #private_key_pass_phrase = ifItoldYouItWouldBeBad
    87 #Currently only TracDBAssociationStore is supported
    88 association_store = TracDBAssociationStore
    89 #Optional setting to display a debug page after accepting a security token
    90 debug = False
    91 }}}
     10The home for the plugin including demos, downloads and documentation is [https://code.bandit-project.org/trac/wiki/InfoCardAcctPlugin here.]
    9211
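Review bot: v3 line 10 labels the link `here.` with the full stop inside the link text; give it a descriptive label, for example `[https://code.bandit-project.org/trac/wiki/InfoCardAcctPlugin InfoCardAcctPlugin home page]`, and put the full stop after the bracket. The removed `[infocard_acct]` example at v2 lines 82-90 pointed `private_key_path` at a key file named `server.key.unsecure` and offered `private_key_pass_phrase` in `trac.ini` with no word on file permissions; wherever that text now lives, it should say that the key and `trac.ini` need to be readable only by the account Trac runs as.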
    93 
    94 == trac-admin-acct ==
    95 This is a configuration tool similar to [http://trac.edgewall.org/wiki/TracAdmin trac-admin].   Before the InfoCardAccountPlugin is fully functional, the configuration tool must be run with at least the initenv card option.
    96 
    97 {{{
    98 trac-admin-acct /var/trac/rpset initenv card
    99 }}}
    100 
    101 ==== usage ====
    102 trac-admin-acct supports both command line and interactive modes.
    103 
    104 ===== interactive usage =====
    105 For a list of options supported by trac-admin-acct, start the tool giving it the path to the trac [http://trac.edgewall.org/wiki/TracEnvironment environment] and type help.
    106 
    107 {{{
    108 trac-admin-acct /var/trac/rpset
    109 >help
    110 }}}
    111 
    112 ===== command line usage =====
    113 
    114 {{{
    115 Usage: trac-admin-acct </path/to/projenv> [command [subcommand] [option ...]]
    116 
    117 Invoking trac-admin-acct without command starts interactive mode.
    118 help
    119         -- Show documentation
    120 
    121 initenv
    122         -- create all the database tables for infocard account manager
    123 
    124 initenv user
    125         -- create just the user / passwordhash table
    126 
    127 initenv card
    128         -- create just the cardkey association table
    129 
    130 cleanenv
    131         -- delete all the database tables for infocard account manager
    132 
    133 cleanenv user
    134         -- delete just the user / passwordhash table
    135 
    136 cleanenv card
    137         -- delete just the cardkey association table
    138 
    139 user list
    140         -- Show user
    141 
    142 user add <name> <clear text password>
    143         -- Add user
    144 
    145 user rename <name> <newname>
    146         -- Rename user
    147 
    148 user remove <name>
    149         -- Remove user (leaves permissions etc.
    150 }}}
    151 
    152 == Gory Details ==
    153 === Account Associations ===
    154 === LDAPUserStore ===
    155 
    156 == Known limitations ==
    157 [https://woof.bandit-project.org/code/rpset/report/1 Tickets]
    158 
    159 == !ToDo list ==
    160  
    161 [https://woof.bandit-project.org/code/rpset/report/1 Tickets]
    162 
    163 == Testing ==
    164 In addition to the unit tests and developer tests run this was also part of an [http://osis.netmesh.org/ OSIS] [http://osis.netmesh.org/wiki/I2-Barcelona interop] event, all issues identified at that event have been resolved.
    165 
    166 Testing has been primarily on [http://opensuse.org opensuse] versions of Linux.
    167 
    168 == History ==
    169 
    170  * '''v0.1''': First crack at extending the AccountManagerPlugin to support LDAP and the Trac database as user stores, and accept Information Cards as an authentication mechanism from any user store.
    171  
    17212== Author/Contributors ==
    17313
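Review bot: v2 lines 93-171 are dropped with nothing in their place, and the Comment field on this change shows only `--`; say in the change comment where the trac-admin-acct reference, Known limitations, Testing and History went. v2 line 95 is the only statement that `initenv card` must be run before the plugin is fully functional, which is worth keeping next to the link on v3 line 10. If the usage text is re-homed, note that `user add <name> <clear text password>` puts the password on the command line, and close the parenthesis in the `user remove` description.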