Version 2 (modified by rupert thurner, 11 years ago) (diff)


Force HTTP authentication from within Trac


Allows you to protect certain paths with HTTP authentication. The AccountManagerPlugin is used to check passwords.

Primarily this is meant to be used with the XmlRpcPlugin so it will work while using AccountManager's form-based logins.

Bugs/Feature Requests

Existing bugs and feature requests for HttpAuthPlugin are here.

If you have any issues, create a new ticket.


Download the zipped source from [download:httpauthplugin here].


You can check out HttpAuthPlugin from here using Subversion, or browse the source with Trac.


To enable:

httpauth.* = enabled

To add additional paths:

paths = /xmlrpc, /login/xmlrpc

Recent Changes

12656 by txcraig on 2013-02-24 13:55:10
#10881 Added maintainer and maintainer_email setting after adopting HttpAuthPlugin
12394 by jun66j5 on 2012-11-29 17:26:08
Fixed broken communication between client on tracd using HTTP/1.1 if sending 401 Unauthorized. Sends Connection: close header in this case.

Closes #8558.

6675 by pacopablo on 2009-10-11 03:07:19
Set Content-Length header. Needed for API change in 0.12.

While not strictly necessary for anything prior to trunk, the change is
still worth while.



Author: coderanger