Version 98 (modified by Steffen Hoffmann, 12 years ago) (diff)

add hint to a recent breakdown of available options for LDAP Auth



Growing number of long-standing issues resolved, prepare for a maintenance release based on current trunk (open: 61)
Maintainership handed over from pacopablo to hasienda
Starting ticket list cleanup and triaging (open: 96)

Account Manager Plugin


The AccountManagerPlugin offers several features for managing user accounts:

  • allow users to register new accounts
  • login via an HTML form instead of using HTTP authentication
  • allow existing users to change their passwords or delete their accounts

These features are new in the plugin for Trac 0.10.

  • send a new password to users who’ve forgotten their password
  • administration of user accounts

Bugs/Feature Requests

Existing bugs and feature requests for AccountManagerPlugin are available from Trac-Hacks ticket system.

If you have any issues that is not found in existing tickets, create a new ticket, please.

You do wonder, if you could contribute here? Great! There are some recommendations, where to start.


First make sure you’ve installed setuptools. Make sure you have a version >= 0.6c9, since previous versions contain a bug which makes the installation fail. xccx Then you can install the plugin using the easy_install application.

Note: Windows users will need to add easy_install to their PATH.

For Trac 0.9:


For Trac 0.10:

Install the trac:WebAdmin plugin.

Then install this plugin:


For Trac 0.11


For Trac 0.12:


If you are using the tracd standalone server or Apache 2.2.x you will need to restart it to detect the plugin.


Browse the source

Subversion Checkout (depends on your Trac version):

svn co
svn co
svn co
svn co


  • [download:accountmanagerplugin/0.9 0.9]
  • [download:accountmanagerplugin/0.10 0.10]
  • [download:accountmanagerplugin/0.11 0.11]
  • [download:accountmanagerplugin/trunk trunk]


In order to use the features of the AccountManager you will need to enable some or all of its components.

The easiest way to enable the components is via the trac:WebAdmin plugin. Users logged in with the TRAC_ADMIN permission will be able to manage the enabled components:

screenshot of components web admin

Components can also be enabled or disabled in the trac.ini file under the [components] section. For example to enable the login form and disable user registration:

trac.web.auth.LoginModule = disabled
acct_mgr.web_ui.LoginModule = enabled
acct_mgr.web_ui.RegistrationModule = disabled

Hint: Option names are written in CamelCase style notation, but will get (re-)written all-lowercase, if added/updated via the Trac admin web-UI. Anyway, case doesn't really matter here.

The available components are described below.



This is the core of this plugin. This component must be enabled to use any of the other components.

Additionally one or more sources for storing authentication information are required:

There's even some information on how to get not-yet-implemented LDAP authentication.



Note: This component requires Trac 0.10 or later

This component adds a new page to the trac:WebAdmin section for managing user accounts. It requires the TRAC_ADMIN permission to access.

acct_mgr.admin.AccountManagerAdminPage = enabled

screenshot of account administration



Allows users to change their password, or delete their account. When logged in it will appear as a tab “Account” after clicking the “Preferences” link.

acct_mgr.web_ui.AccountModule = enabled

New for Trac 0.10: When used in combination with the LoginModule it adds a link to the login page “Forgot your password?” where users can reset their password if they’ve forgotten it. You will need to have your SMTP server information configured in your trac.ini for the “Forgot your password?” link to show up and enable AccountChangeListener.

acct_mgr.notification.accountchangelistener = enabled

New for Trac 0.11: When a user resets their password they will be required to change their password on the next successful login. This can be disabled via the trac.ini by setting force_passwd_change = false.



Warning: this module is not supported using the tracd stand-alone server on Trac 0.9. It either needs Trac 0.10 or later, or an external webserver such as Apache.

Allows users to login via a HTML form instead of using HTTP authentication.

acct_mgr.web_ui.LoginModule = enabled

screenshot of login form

Disable HTTP authentication

To use the AccountManager’s form-based login system instead, add this to the [components] section of your trac.ini:

trac.web.auth.LoginModule = disabled 

When using the tracd server be sure not to use the --auth or --basic-auth options. Using either of these options will cause tracd to popup the username/password dialog box and you will not be able to use the HTML form.

If you have previously enabled authentication for Trac on Apache, you will need to disable it or Apache will popup the username/password dialog and you will be unable to use the HTML form. In order to disable the authentication look for a section in the Apache configuration file like:

<Location /trac/login>
   # Some options like AuthType and AuthUserFile
   Require valid-user

Deleting or commenting the Require valid-user line should be sufficient to disable HTTP authentication. After you’ve tested it you can probably delete or comment out the rest of the authentication options. In some pre-bundled packages as Bitnami Trac you will find it inside an apache configuration extension as trac.conf (BitnamiTrac\trac\conf\trac.conf)



Enables users to register a new account. It adds a “Register” link on the same menu bar as the “Login” link.

acct_mgr.web_ui.RegistrationModule = enabled

screenshot of registration page

Warning: You must enable one of the password storage modules for the Registration Module to work.

Note: You must not enable ignore_auth_case in trac.ini as otherwise this module won’t work.



If you enable this, users will be sent an email with a verification code to enter, to approve it is really their own email address:

acct_mgr.web_ui.EmailVerificationModule = enabled

Until they entered the verification code on the URL sent with the email, their permissions will be restricted (even if they have the TRAC_ADMIN privilege, they won't be able to access anything exceeding the standard privileges of authenticated users). Update: After changeset [9304] ACCTMGR_ADMIN (and TRAC_ADMIN, as it inherits it among all other privileges) won't be bothered with the verification procedure.

This has been added as a strict requirement now as suggested by ticket #5509 to trunk code with changeset [9277], but was not enforced before, so verification only happened, if an email had been specified on registration. In other words, if some user registered w/o specifying an email address, this was possible and an unrestricted account was created without requiring further actions.

Note that if you don't want to enforce entering a valid email on registration, you may want to disable this component. An option

verify_email = false

for switching this off easily, to restore the old behavior of AccountManagerPlugin by default, is available since changeset [9304] as well.

Post Setup/Configuration

In order to use the Account Manager plugin, while logged in as a user with TRAC_ADMIN rights, use the new “Admin” link on the menubar.

Once in, you might want to enable the permissions to allow the “authenticated” user group permissions. For instance, if you remove the anonymous group from TICKET_MODIFY, and WIKI_MODIFY, and add the “authenticated” group instead, only authenticated, logged-in (registered) users can perform ticket modifications and wiki editing.

Recent Changes

17941 by rjollos on 2020-12-23 23:05:30
TracAccountManager 0.6dev: Add Genshi to installation requirements

Refs #13610.

17868 by rjollos on 2020-10-22 22:39:11
TracAccountManager 0.6dev: Fix overwrite in ticket_change

Patch by Thomas Moschny.

Fixes #11510.

17867 by rjollos on 2020-10-22 22:33:23
TracAccountManager 0.6dev: Trac 1.5dev is not yet supported

Refs #13720, #13881.



Author: mgood
Maintainer: hasienda
Contributors: coderanger, crocea, manski, mrelbe, otaku42, pacopablo, s0undt3ch

Attachments (9)

Download all attachments as: .zip