Changes between Version 2 and Version 3 of InfoCardAccountPlugin


Timestamp:
Dec 7, 2007 10:53:10 PM (7 years ago)
Author:
anonymous
Comment:

--

  • InfoCardAccountPlugin

    v2 v3  
    55== Abstract == 
    66 
    7 This extension allows [http://en.wikipedia.org/wiki/Windows_CardSpace Information Cards] to be associated with existing accounts and then used as an authentication mechanism to a Trac system.    
    8  
    9 === License === 
    10 The extension is distributed to you under the [http://www.gnu.org/licenses/lgpl.html lgpl], please note that it includes works copyrighted by others and released under permissive licenses such as [http://en.wikipedia.org/wiki/BSD_licenses BSD], [http://en.wikipedia.org/wiki/Beerware Beerware] and the [http://trac.edgewall.com/license.html Trac license]. 
    11  
    12 == Requirements == 
    13  
    14 This plugin works with Trac 0.11.[[BR]] 
    15  
    16 Some form of Python xml with dom and xpath support, tested with [http://pyxml.sourceforge.net/ pyxml] 
    17  
    18 [http://chandlerproject.org/Projects/MeTooCrypto m2crypto] as an python wrapper to [http://www.openssl.org/ openssl] which must also be installed.  m2crypto also requires [http://www.swig.org/Doc1.3/Python.html SWIG] 
    19  
    20 Systems running python older than 2.5 require [http://code.krypto.org/python/hashlib/ hashlib] 
    21  
    22 If you use the LDAP user store module then the [http://python-ldap.sourceforge.net/ Python LDAP] module is required. 
    23  
    24 To create and install an egg file you need to have a recent version of [http://peak.telecommunity.com/DevCenter/setuptools setuptools] 
    25 installed.[[BR]]Please refer to the [http://projects.edgewall.com/trac/wiki/TracPlugins TracPlugins] page for additional information about plugin installation. 
    26  
    27 == Download == 
    28   
    29  * Source code is available from https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11 
    30  
    31 == Installation == 
    32 {{{ 
    33    easy_install https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11 
    34 }}} 
    35  * Configure the plugin (see Configuration below) 
    36  * Use trac-admin-acct to initialize the association store and optionally the user store. 
    37  
    38 == Configuration == 
    39  
    40 You need to customize the `trac.ini` file of your project, following the instructions below[[BR]] 
    41  1. Optionally add the path to your plugin directory. 
    42  1. Enable `account-manager` and `infocard_acct` in `[components]` section, so that the Trac engine loads and uses this extension.  
    43  1. Configure account-manager. 
    44  1. Create a new section `[infocard_acct]` in the .ini file 
    45  
    46 ==== Enable components ==== 
    47 To properly enable plugin you must disable trac and account manager's LoginModules, and enable AccountManagerPlugin and InfoCardAccountPlugin components   In the `[components]` section of trac.ini: 
    48  
    49 {{{ 
    50 [components] 
    51 trac.web.auth.LoginModule = disabled 
    52 acct_mgr.*=enabled 
    53 acct_mgr.web_ui.LoginModule=disabled 
    54 infocard_acct.* = enabled 
    55 }}} 
    56  
    57 For complete details on configuring the AccountManagerPlugin please visit AccountManagerPlugin.  The InfoCardAccountPlugin adds two new password stores, TracDBUserStore and LDAPUserStore which are enabled as follows: 
    58  
    59 {{{ 
    60 [account-manager] 
    61 #any password store supported by acct-mgr including TracDBUserStore and LDAPUserStore 
    62 password_store = LDAPUserStore    
    63 }}} 
    64  
    65 If you use the LDAPUserStore then the following options are supported in the `[ldap_user_store]` section: 
    66  
    67 {{{ 
    68 [ldap_user_store] 
    69 #any ldap query url it's usage matches the authldapurl from mod_ldap in apache 
    70 #http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl 
    71 url = ldaps://bandit-project.org/ou=people,dc=wag,dc=bandit-project,dc=org?uid?sub?(objectClass=inetOrgPerson) 
    72  
    73 # If your ldap server requires authentication to search for users, please provide that name and password 
    74 #bind_user =  
    75 #bind_password =  
    76  
    77 }}} 
     7This extension allows [http://en.wikipedia.org/wiki/Windows_CardSpace Information Cards] to be associated with existing accounts and then used as an authentication mechanism to a Trac system.   
    788 
    799 
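
Review bot: The removed v2 lines 47-55 were the only place on this page stating that `trac.web.auth.LoginModule` and `acct_mgr.web_ui.LoginModule` must both be disabled to properly enable the plugin, and v3 keeps nothing in their place. If the content is moving off-site, keep a short Requirements and Configuration summary here, or at least name the section of the destination page that carries it. The same applies to the `[ldap_user_store]` example at v2 lines 67-77: it showed an `ldaps://` URL and that `bind_password` is stored in `trac.ini`, both of which an administrator should see before deploying. Line 7 also appears to be removed and re-added with only its trailing whitespace changed, which could be left out of the edit.
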
    80 The InfoCardAccountPlugin configuration section `[infocard_acct]` supports the following: 
    81 {{{ 
    82 [infocard_acct] 
    83 #file path to the server's ssl key, required to properly decrypt and validate security tokens 
    84 private_key_path = /etc/ssl/private/server.key.unsecure 
    85 #if the ssl key file requires a pass phrase, please supply that here 
    86 #private_key_pass_phrase = ifItoldYouItWouldBeBad 
    87 #Currently only TracDBAssociationStore is supported 
    88 association_store = TracDBAssociationStore 
    89 #Optional setting to display a debug page after accepting a security token 
    90 debug = False 
    91 }}} 
     10The home for the plugin including demos, downloads and documentation is [https://code.bandit-project.org/trac/wiki/InfoCardAcctPlugin here.] 
    9211 
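
Review bot: The new line 10 uses "here." as its link text, with the full stop inside the link; name the target instead, for example "InfoCardAcctPlugin home page", so the link still makes sense when read out of context. This line is also now the only pointer to the `[infocard_acct]` options removed at v2 lines 80-91, so confirm the destination page documents `private_key_path` and `private_key_pass_phrase` before dropping them here. The removed example pointed at a key file named `server.key.unsecure` and put the pass phrase in `trac.ini`; wherever that text lives now, it should say who needs read access to both files.
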
    93  
    94 == trac-admin-acct == 
    95 This is a configuration tool similar to [http://trac.edgewall.org/wiki/TracAdmin trac-admin].   Before the InfoCardAccountPlugin is fully functional, the configuration tool must be run with at least the initenv card option. 
    96  
    97 {{{ 
    98 trac-admin-acct /var/trac/rpset initenv card 
    99 }}} 
    100  
    101 ==== usage ==== 
    102 trac-admin-acct supports both command line and interactive modes. 
    103  
    104 ===== interactive usage ===== 
    105 For a list of options supported by trac-admin-acct, start the tool giving it the path to the trac [http://trac.edgewall.org/wiki/TracEnvironment environment] and type help. 
    106  
    107 {{{ 
    108 trac-admin-acct /var/trac/rpset  
    109 >help 
    110 }}} 
    111  
    112 ===== command line usage ===== 
    113  
    114 {{{ 
    115 Usage: trac-admin-acct </path/to/projenv> [command [subcommand] [option ...]] 
    116  
    117 Invoking trac-admin-acct without command starts interactive mode. 
    118 help 
    119         -- Show documentation 
    120  
    121 initenv 
    122         -- create all the database tables for infocard account manager 
    123  
    124 initenv user 
    125         -- create just the user / passwordhash table 
    126  
    127 initenv card 
    128         -- create just the cardkey association table 
    129  
    130 cleanenv 
    131         -- delete all the database tables for infocard account manager 
    132  
    133 cleanenv user 
    134         -- delete just the user / passwordhash table 
    135  
    136 cleanenv card 
    137         -- delete just the cardkey association table 
    138  
    139 user list 
    140         -- Show user 
    141  
    142 user add <name> <clear text password> 
    143         -- Add user 
    144  
    145 user rename <name> <newname> 
    146         -- Rename user 
    147  
    148 user remove <name> 
    149         -- Remove user (leaves permissions etc. 
    150 }}} 
    151  
    152 == Gory Details == 
    153 === Account Associations === 
    154 === LDAPUserStore === 
    155  
    156 == Known limitations == 
    157 [https://woof.bandit-project.org/code/rpset/report/1 Tickets] 
    158  
    159 == !ToDo list == 
    160   
    161 [https://woof.bandit-project.org/code/rpset/report/1 Tickets] 
    162  
    163 == Testing == 
    164 In addition to the unit tests and developer tests run this was also part of an [http://osis.netmesh.org/ OSIS] [http://osis.netmesh.org/wiki/I2-Barcelona interop] event, all issues identified at that event have been resolved. 
    165  
    166 Testing has been primarily on [http://opensuse.org opensuse] versions of Linux. 
    167  
    168 == History == 
    169  
    170  * '''v0.1''': First crack at extending the AccountManagerPlugin to support LDAP and the Trac database as user stores, and accept Information Cards as an authentication mechanism from any user store. 
    171   
    17212== Author/Contributors == 
    17313
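
Review bot: The removal of v2 lines 94-99 drops the statement that `trac-admin-acct` must be run with at least the `initenv card` option before the plugin is fully functional, and nothing in v3 replaces it; keep that one prerequisite on this page next to the link. If the usage text is being moved rather than deleted, two things in it are worth fixing on the way: `user add <name> <clear text password>` takes the password as a command-line argument, and the help line for `user remove` is cut off after "(leaves permissions etc.". The edit was also saved with an empty comment ("--"), so the page history does not say why the documentation was removed.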