|Version 11 (modified by 4 years ago) (diff),|
Force HTTP authentication from within Trac
Allows you to protect certain paths with HTTP authentication. The AccountManagerPlugin is used to check passwords.
Primarily this is meant to be used with the XmlRpcPlugin so it will work while using AccountManager's form-based logins.
If you have any issues, create a new ticket.
Download the zipped source from [download:httpauthplugin here].
[components] httpauth.* = enabled
To add additional paths:
[httpauth] paths = /xmlrpc, /login/xmlrpc
To add additional formats, like rss use this:
[httpauth] formats = rss
Authentication issues while using Trac with mod_wsgi
HTTP authentication just does not want to work. The Authorization header is passed with the HTTP request, but it seems to be lost on the way.
If you set the
INFO, then you will get this entry in your
Trac[filter] INFO: HTTPAuthFilter: No/bad authentication data given, returing 403
It is already in Ticket #1169. I've quoted it here, since the solution is hard to find otherwise.
If you're using
mod_wsgi, authorization information is stripped before passing to the WSGI application.
WSGIPassAuthorization On in your
Apache configuration for it to work.
See also ConfigurationDirectives
- 12656 by txcraig on 2013-02-24 13:55:10
#10881 Added maintainer and maintainer_email setting after adopting HttpAuthPlugin
- 12394 by jun66j5 on 2012-11-29 17:26:08
Fixed broken communication between client on
401 Unauthorized. Sends
Connection: closeheader in this case.
- 6675 by pacopablo on 2009-10-11 03:07:19
Content-Lengthheader. Needed for API change in 0.12.
While not strictly necessary for anything prior to trunk, the change is
still worth while.