Modify

Opened 10 years ago

Closed 6 years ago

#2031 closed enhancement (duplicate)

add htpasswd2 as a method for creating new users

Reported by: p_ansell@… Owned by: Matt Good
Priority: normal Component: AccountManagerPlugin
Severity: major Keywords: htpasswd file
Cc: Trac Release: 0.10

Description

Its great that I can use a htpasswd2 format file for authentication, but is it possible to implement a feature which allows me to create new accounts on it as well. Currently I am registering all of my users manually which is a bit of a pain.

This would be an improvement over the read-only support that is references in ticket #599

Attachments (0)

Change History (5)

comment:1 Changed 10 years ago by Matt Good

Resolution: worksforme
Status: newclosed

Account creation has been supported from the beginning. Initially via registration, and now there's also an admin page.

comment:2 Changed 10 years ago by p_ansell@…

Resolution: worksforme
Status: closedreopened
Type: defectenhancement

What are the settings I need to use in order to get trac to generate valid htpasswd2 entries? You only referred to generic account creation in your "worksforme" "solution"

I am currently using the following in my trac.ini:

[account-manager] generated_password_length = 8 hash_method = HtPasswdHashMethod password_file = /var/lib/trac/svn/svnusers password_store = HtPasswdStore

When I register an account it adds a line to the bottom of the file, but it is not in htpasswd2 format. That is what my question was directed to, not generic account creation. The desired format is the first one, with the second being generated after a registration with this plugin.

validhtpasswd2user:$apr1$Rth1C/..$YZ7.0ZrJfUNmbFaCCuSuX0 tester:IJpZjm73rolhk

comment:3 in reply to:  2 Changed 10 years ago by Matt Good

Resolution: worksforme
Status: reopenedclosed

Replying to p_ansell@yahoo.com:

When I register an account it adds a line to the bottom of the file, but it is not in htpasswd2 format. That is what my question was directed to, not generic account creation. The desired format is the first one, with the second being generated after a registration with this plugin.

validhtpasswd2user:$apr1$Rth1C/..$YZ7.0ZrJfUNmbFaCCuSuX0
tester:IJpZjm73rolhk

Both of those are valid htpasswd entries. The first is in the MD5 format and the second is CRYPT, which is the default on all platforms besides Windows which doesn't support it.

From the htpasswd usage output:

 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.

This plugin follows the htpasswd defaults and generates MD5 hashes on Windows and CRYPT hashes everywhere else. It will read existing hashes in MD5, CRYPT and SHA.

comment:4 Changed 8 years ago by Dan Bucatanschi

Resolution: worksforme
Severity: normalmajor
Status: closedreopened

Hi!

I am sorry if I am annoying anyone by reopening this ticket, but I believe it is an important enhancement (if not bug) that needs to be taken care of.

The reason for my statement above is that it seems that if the method for computing the hashes is CRYPT, then the password is truncated to 8 characters in length. Basically I cannot have a secure public server on the Internet (or at least people's accounts are not as secure as they could be). However, if I have an MD5 generated hash, then the password is not truncated to 8 characters (I'm sure there is a limit but it's much higher).

I hope someone will write a patch, which will allow the configuration of the way the hashes are generated, with the possibility of specifying an MD5 hash.

Thanks, -Dan

comment:5 in reply to:  4 Changed 6 years ago by Steffen Hoffmann

Keywords: htpasswd file added
Resolution: duplicate
Status: reopenedclosed

Replying to dangb:

![...] I hope someone will write a patch, which will allow the configuration of the way the hashes are generated, with the possibility of specifying an MD5 hash.

After a long time this could finally come true now.

I'm testing a patch for ticket #2282, that developed towards a similar goal, effectively becoming a duplicate of this one, but already got further towards a solution in the comment trail. So let's stick to (the other) one ticket for tracking this enhancement.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Matt Good.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.