Version 2 (modified by dbuss, 9 years ago)
Information Card Account Management Plugin
This extension allows Information Cards to be associated with existing accounts and then used as an authentication mechanism to a Trac system.
This plugin works with Trac 0.11.
Requires a Python XML library with DOM and XPath support (tested with PyXML).
Systems running Python older than 2.5 require hashlib.
If you use the LDAP user store module then the Python LDAP module is required.
- Source code is available from https://forgesvn1.novell.com/svn/bandit/trunk/rp/trac/infocard_acct/0.11
- Configure the plugin (see Configuration below)
- Use trac-admin-acct to initialize the association store and optionally the user store.
You need to customize the trac.ini file of your project, following the instructions below:
- Optionally add the path to your plugin directory.
- Enable account-manager and infocard_acct in the [components] section, so that the Trac engine loads and uses this extension.
- Configure account-manager.
- Create a new section [infocard_acct] in the .ini file
[components]
trac.web.auth.LoginModule = disabled
acct_mgr.*=enabled
acct_mgr.web_ui.LoginModule=disabled
infocard_acct.* = enabled

For complete details on configuring the AccountManagerPlugin please visit AccountManagerPlugin. The InfoCardAccountPlugin adds two new password stores, TracDBUserStore and LDAPUserStore, which are enabled as follows:

[account-manager]
#any password store supported by acct-mgr including TracDBUserStore and LDAPUserStore
password_store = LDAPUserStore
If you use the LDAPUserStore then the following options are supported in the [ldap_user_store] section:
[ldap_user_store]
#any ldap query url; its usage matches the authldapurl from mod_ldap in apache
#http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl
url = ldaps://bandit-project.org/ou=people,dc=wag,dc=bandit-project,dc=org?uid?sub?(objectClass=inetOrgPerson)
# If your ldap server requires authentication to search for users, please provide that name and password
#bind_user =
#bind_password =
The InfoCardAccountPlugin configuration section [infocard_acct] supports the following:
[infocard_acct]
#file path to the server's ssl key, required to properly decrypt and validate security tokens
private_key_path = /etc/ssl/private/server.key.unsecure
#if the ssl key file requires a pass phrase, please supply that here
#private_key_pass_phrase = ifItoldYouItWouldBeBad
#Currently only TracDBAssociationStore is supported
association_store = TracDBAssociationStore
#Optional setting to display a debug page after accepting a security token
debug = False
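An added example, not part of the plugin or of the original page: a small Python 3 audit of a trac.ini that uses the [ldap_user_store] and [infocard_acct] sections shown above. The function names, finding labels and sample values are assumptions made for illustration.

```python
import configparser
import os
import stat
import tempfile

def others_can_access(path):
    """True if group or world has any permission bit on path."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit_trac_ini(ini_path):
    """Hypothetical helper: list findings for the settings documented on this page."""
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str  # keep option names exactly as written
    cfg.read(ini_path)
    findings = []
    # The debug page is displayed after a security token is accepted.
    if cfg.get("infocard_acct", "debug", fallback="False").strip().lower() in ("true", "yes", "on", "1"):
        findings.append("debug-enabled")
    # Directory searches and binds should go over TLS, as in the sample ldaps:// URL.
    url = cfg.get("ldap_user_store", "url", fallback="")
    if url and not url.lower().startswith("ldaps://"):
        findings.append("ldap-without-tls")
    # A bind password or key pass phrase makes trac.ini itself a secret.
    secrets = [("ldap_user_store", "bind_password"),
               ("infocard_acct", "private_key_pass_phrase")]
    if any(cfg.has_option(s, o) for s, o in secrets) and others_can_access(ini_path):
        findings.append("ini-holds-secrets-but-readable-by-others")
    # The key that decrypts security tokens must be accessible to its owner only.
    key = cfg.get("infocard_acct", "private_key_path", fallback="")
    if key and os.path.isfile(key) and others_can_access(key):
        findings.append("private-key-readable-by-others")
    return findings

def run_on_sample(debug, url, key_mode, ini_mode):
    """Build a constructed trac.ini plus dummy key file in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        key, ini = os.path.join(d, "server.key"), os.path.join(d, "trac.ini")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        with open(ini, "w") as f:
            f.write("[ldap_user_store]\nurl = %s\nbind_password = example\n"
                    "[infocard_acct]\nprivate_key_path = %s\ndebug = %s\n"
                    % (url, key, debug))
        os.chmod(key, key_mode)
        os.chmod(ini, ini_mode)
        return audit_trac_ini(ini)

if __name__ == "__main__":
    print(run_on_sample("True", "ldap://ldap.example.org/dc=example,dc=org?uid", 0o644, 0o644))
```

On a real installation, call audit_trac_ini with the path to the project's trac.ini, running as the account that owns the Trac environment.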
trac-admin-acct /var/trac/rpset initenv card
trac-admin-acct supports both command line and interactive modes.
For a list of options supported by trac-admin-acct, start the tool giving it the path to the trac environment and type help.
trac-admin-acct /var/trac/rpset
>help
command line usage
Usage: trac-admin-acct </path/to/projenv> [command [subcommand] [option ...]]

Invoking trac-admin-acct without command starts interactive mode.

help -- Show documentation
initenv -- create all the database tables for infocard account manager
initenv user -- create just the user / passwordhash table
initenv card -- create just the cardkey association table
cleanenv -- delete all the database tables for infocard account manager
cleanenv user -- delete just the user / passwordhash table
cleanenv card -- delete just the cardkey association table
user list -- Show user
user add <name> <clear text password> -- Add user
user rename <name> <newname> -- Rename user
user remove <name> -- Remove user (leaves permissions etc.

Testing has been primarily on openSUSE versions of Linux.
- v0.1: First crack at extending the AccountManagerPlugin to support LDAP and the Trac database as user stores, and accept Information Cards as an authentication mechanism from any user store.
Author: dbuss, bandit-dev@…
Contributors: see the setup.py file; this extension utilizes code from several sources.