wiki:AccountManagerPlugin/AuthStores

Version 2 (modified by Steffen Hoffmann, 13 years ago) (diff)

update with a recent breakdown of available options for LDAP Auth, done for #6509 before

Authentication modules for AccountManagerPlugin

see AccountManagerPlugin's main page

HtDigestStore

Package
acct_mgr.htfile

Used to store passwords in the htdigest file format.

Warning: This password method may not work with mod_python due to a bug using Python’s md5 module under mod_python ("it has been reported that mod_python has trouble returning good MD5 strings. It has been speculated that this is because many apache mods are using the same md5 source (php and so forth), but this is not confirmed"). If you experience problems try FastCGI, mod_wsgi, or tracd.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtDigestStore = enabled

[account-manager]
; configure the plugin to store passwords in the htdigest format:
password_store = HtDigestStore
; with Trac < 0.10 use this instead:
password_format = htdigest

; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htdigest

; the name of the authentication “realm”
; it can be any text to identify your site or project
htdigest_realm = TracRealm

HtPasswdStore

Package
acct_mgr.htfile

Used to store passwords in the htpasswd file format.

Warning: This password method may not work with mod_python due to a bug using Python’s md5 module under mod_python. If you experience problems try FastCGI, mod_wsgi, or tracd.

To use this component to manage your password file you need to enable it as described above and add some additional configuration to trac.ini:

[components]
; be sure to enable the component
acct_mgr.htfile.HtPasswdStore = enabled

[account-manager]
; configure the plugin to store passwords in the htpasswd format:
password_store = HtPasswdStore
; with Trac < 0.10 use this instead:
password_format = htpasswd
; optional hash type selection
htpasswd_hash_type = 

; the file where user accounts are stored
; the webserver will need write permissions to this file
; and its parent folder
password_file = /var/trac/trac.htpasswd

Recent changes:

  • 'htpasswd_hash_type' for hash type selection available since [9274]

HttpAuthStore

Package
acct_mgr.http

Note: This component requires Trac 0.10 or later

Used to delegate authentication to the web server. This allows access to be restricted based on LDAP, a password file, etc, or some combination of them.

Note: This password store does not support listing/adding/removing users or changing passwords.

[components]
; be sure to enable the component
acct_mgr.http.HttpAuthStore = enabled

[account-manager]
; configure the plugin to use a page that is secured with http authentication
authentication_url = http://hostname/path
password_store = HttpAuthStore

This will generally be matched with an Apache config like:

<Directory /var/www/html/path>
   …HTTP authentication configuration…
   Require valid-user
</Directory>

SessionStore

Package
acct_mgr.db

Stores password information in the trac database. This may give better behaviour if you have large numbers of users and are finding errors due to write contention on the password file. You must enable one or other of the hash method components. HtDigestHashMethod is the default.

[components]
; be sure to enable the component
acct_mgr.db.SessionStore = enabled
; choose one of the hash methods
acct_mgr.pwhash.htdigesthashmethod = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled
trac.web.auth.loginmodule = disabled #this is important, otherwise login does not work. ref: http://www.gossamer-threads.com/lists/trac/users/41969

[account-manager]
password_store = SessionStore
; choose one of the hash methods
hash_method = HtDigestHashMethod
hash_method = HtPasswdHashMethod

For more information see:

http://www.mailinglistarchive.com/trac-users@googlegroups.com/msg03696.html

For sample configuration settings see sample-settings?

SvnServePasswordStore

Package
acct_mgr.svnserve

Allows Trac to use SVN users (may be in addition to Trac users). SVN server configuration option should be "svnserve". For more information, read chapter 6 of SVN book.

[components]
; be sure to enable the component
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = enabled
; choose one of the hash methods
acct_mgr.pwhash.htdigesthashmethod = enabled
acct_mgr.pwhash.htpasswdhashmethod = enabled

[account-manager]
password_store = SvnServePasswordStore
password_file = /path/to/svn/repos/conf/passwd
; choose one of the hash methods
hash_method = HtDigestHashMethod
hash_method = HtPasswdHashMethod

NB : password_file points to a file which defines users/passwords this way : user = password

LDAP

Not yet available

Meanwhile please check the following options:

stand-alone

AuthStore for AccountManagerPlugin packaged as separate plugin

suggested native AuthStore for AccountManagerPlugin (see currently supported ones here)