| View previous topic :: View next topic |
| Author |
Message |
sebv
Tux's lil' helper
Joined: 14 Jan 2005
Posts: 78
Location: Savoie (France)
|
 Posted: Wed Mar 15, 2006 6:44 pm Post subject: svn/trac auth on apache2 |
 |
|
Hello,
I install a little server for developpement, with a trac/svn access, but i've a "problem" to choose how to configure my auth.
I use trac with python, so my serveur is currently install as that (for testing basic install) (it's a multiproject install) and it work fine
| Code: |
<IfDefine SVN>
<IfModule !mod_dav_svn.c>
LoadModule dav_svn_module modules/mod_dav_svn.so
</IfModule>
<Location /svn>
DAV svn
SVNParentPath /home/server/svn
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /home/server/conf/svnusers
Require valid-user
</Location>
<IfDefine SVN_AUTHZ>
<IfModule !mod_authz_svn.c>
LoadModule authz_svn_module modules/mod_authz_svn.so
</IfModule>
</IfDefine>
############
## TRAC ##
############
LoadModule python_module modules/mod_python.so
<Location /trac>
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /home/server/trac
PythonOption TracUriRoot /trac
</Location>
</IfDefine>
|
But, I wan't to use a Mysql auth with mod_authn_dbd module, but how can I configure it to configure users on each project and not for all in the same time, all exemple I found set auth for all projects at the same time (whitout re-write my apache config ta add each project)
| Code: |
AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"
|
Maybe I can use a variable as "%s" use for mysql auth request to know what is the current ask project to get the good user in database, but i can't find info on that
Someone have an idea ?
Thanks in advance.
_________________
-La théorie, c'est quand on sait tout et que rien ne fonctionne. La pratique, c'est quand tout fonctionne et que personne ne sait pourquoi.
-Définissez-moi d'abord ce que vous entendez par Dieu et je vous dirai si j'y crois.
[Einstein] |
|
| Back to top |
|
 |
rev138
l33t
Joined: 19 Jun 2003
Posts: 848
Location: Vermont, USA
|
| Posted: Fri Mar 17, 2006 6:30 pm Post subject: |
|
|
I have what I beleive to be a similar issue with apache/trac
Here's what the relevant part of my httpd.conf looks like
| Code: | <Location "/trac">
SetEnv TRAC_ENV_PARENT_DIR "/var/trac"
SSLRequireSSL
</Location>
<Location "/trac/fnertfw/login">
AuthType Basic
AuthName "FNE rtfw"
AuthUserFile /etc/devusers
Require valid-user
SSLRequire %{SSL_CIPHER_USERKEYSIZE} >= 128
SSLRequireSSL
</Location>
<Location "/trac/fneweb/login">
AuthType Basic
AuthName "FNE web"
AuthUserFile /etc/devusers-web
Require valid-user
SSLRequire %{SSL_CIPHER_USERKEYSIZE} >= 128
SSLRequireSSL
</Location>
|
As you can see, what I'm trying to do is have separate authentication for each project (fnrtfw and fneweb), against separate htpasswd generated files (devusers and devusers-web, respectively).
Unfortunately, this does not work. With the above config, a user is allowed full access to everything without authentication. If I add Authype, AuthName, etc, to the "/trac" location definition, it DOES prompt for authentication, but those authentication settings override the others, allowing full access to everything.
It seems that the auth info in "fnertfw" and "fneweb" is being ignored completely.
Any help would be appreciated. |
|
| Back to top |
|
|
sebv
Tux's lil' helper
Joined: 14 Jan 2005
Posts: 78
Location: Savoie (France)
|
| Posted: Sun Mar 19, 2006 2:02 pm Post subject: |
|
|
I'ts not an apache config error, it's the default value of trac config
If you check your access config on trac with trac-admin you'll see that anonymous user have access to all things, just remove modif and create right for this user and it'will run as you want.
search on trac's site there is a plugins to allow the project admin to simply choose this options directly on trac web pages.
_________________
-La théorie, c'est quand on sait tout et que rien ne fonctionne. La pratique, c'est quand tout fonctionne et que personne ne sait pourquoi.
-Définissez-moi d'abord ce que vous entendez par Dieu et je vous dirai si j'y crois.
[Einstein] |
|
| Back to top |
|
|
rev138
l33t
Joined: 19 Jun 2003
Posts: 848
Location: Vermont, USA
|
| Posted: Wed Mar 22, 2006 8:14 pm Post subject: |
|
|
| You seem to misunderstand. I'd like to mantain two separate users lists for authentication, not one list with per-user permissions in trac. It would seem that apache needs to do this. No? |
|
| Back to top |
|
|
euphorium
n00b
Joined: 28 Feb 2007
Posts: 14
|
| Posted: Mon Apr 16, 2007 4:19 am Post subject: |
|
|
I did a search for trac and authentication (auth too) and only found a total of 3 posts about authentication. Which leads me to believe that it can't be that difficult to do. so I am wondering where I am going wrong with setting up wuthentication with Trac on my server.
Here is what I have in my http.conf file.
| Code: | ScriptAlias /www/trac/confuzedb /usr/share/trac/cgi-bin/trac.fcgi
<Location /www/trac>
SetEnv TRAC_ENV_PARENT_DIR "/www/trac"
SetHandler fcgid-script
</Location>
<LocationMatch "/www/trac/[^/]+/login">
AuthType Basic
AuthName "Project Login"
AuthUserFile /www/trac/trac.htpasswd
Require valid-user
</LocationMatch> |
Here is my tracd.conf file.
| Code: | # Port for tracd
TRACD_PORT="8000"
# Options for tracd
TRACD_OPTS="--env-parent-dir /www/trac"
#TRACD_OPTS="--basic-auth=BASICAUTH /www/trac/confuzedb, /www/trac/confuzedb/.htpasswd, confuzedb"
# User and group as which to run tracd
#TRACD_USER="apache"
#TRACD_GROUP="apache" |
Am I missing something?
I solved my issue and wrote a guide. Please refer to this thread. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
