Ability to provide whitelist of OpenIDs
|Reported by:||Owned by:||Dalius|
|Severity:||normal||Keywords:||user, users, whitelist, security|
When using HTTP authentication, it was perfectly possible to manage the htpasswd file in Apache as I wished and only allow logins to specific people. I've not enabled OpenID and disabled the original login mechanism and, as far as I can see, this has now opened up my Trac to anyone with an OpenID.
Is there a way to allow only a given list of OpenIDs? I've looked around for a good hour and couldn't quite find it if it can be done. If it cannot be done, I'd like to request this as a feature.
Change History (10)
comment:6 Changed 8 years ago by
|Status:||closed → reopened|
|Type:||enhancement → defect|