Changes between Version 3 and Version 4 of TracStandalone


Ignore:
Timestamp:
02/01/17 00:35:40 (8 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • TracStandalone

    v3 v4  
    9393== Using Authentication
    9494
    95 Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives)
    96 
    97 Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected.
     95Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (`htpasswd` and `htdigest`) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without `htpasswd` or `htdigest`; see below for alternatives)
     96
     97{{{#!div style="border: 1pt dotted; margin: 1em"
     98**Attention:** Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux, or HFS+ on OSX).
     99}}}
    98100
    99101Tracd provides support for both Basic and Digest authentication. Digest is considered more secure. The examples below use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the command line.
     
    139141This section describes how to use `tracd` with Apache .htpasswd files.
    140142
    141   Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to
    142   decode some htpasswd formats.  Trac source code attempt an `import crypt` first, but there
    143   is no such package for Python 2.6. Only `SHA-1` passwords (since Trac 1.0) work without this module.
     143  Note: On Windows It is necessary to install the [https://pypi.python.org/pypi/passlib passlib]
     144  package in order to decode some htpasswd formats. Only `SHA-1` passwords (since Trac 1.0)
     145  work without this module.
    144146
    145147To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache):
     
    154156Then to start `tracd` run something like this:
    155157{{{#!sh
    156  $ tracd -p 8080 --basic-auth="projectdirname,/fullpath/environmentname/.htpasswd,realmname" /fullpath/environmentname
     158 $ tracd -p 8080 --basic-auth="project,/fullpath/environmentname/.htpasswd,realmname" /path/to/project
    157159}}}
    158160
    159161For example:
    160162{{{#!sh
    161  $ tracd -p 8080 --basic-auth="testenv,/srv/tracenv/testenv/.htpasswd,My Test Env" /srv/tracenv/testenv
     163 $ tracd -p 8080 --basic-auth="project,/srv/tracenv/testenv/.htpasswd,My Test Env" /path/to/project
    162164}}}
    163165''Note:'' You might need to pass "-m" as a parameter to htpasswd on some platforms (OpenBSD).
     
    171173=== Generating Passwords Without Apache
    172174
    173 Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5.
    174 
    175 You can use this simple Python script to generate a '''digest''' password file:
    176 
    177 {{{#!python
    178 from optparse import OptionParser
    179 # The md5 module is deprecated in Python 2.5
    180 try:
    181     from hashlib import md5
    182 except ImportError:
    183     from md5 import md5
    184 realm = 'trac'
    185 
    186 # build the options
    187 usage = "usage: %prog [options]"
    188 parser = OptionParser(usage=usage)
    189 parser.add_option("-u", "--username",action="store", dest="username", type = "string",
    190                   help="the username for whom to generate a password")
    191 parser.add_option("-p", "--password",action="store", dest="password", type = "string",
    192                   help="the password to use")
    193 parser.add_option("-r", "--realm",action="store", dest="realm", type = "string",
    194                   help="the realm in which to create the digest")
    195 (options, args) = parser.parse_args()
    196 
    197 # check options
    198 if (options.username is None) or (options.password is None):
    199    parser.error("You must supply both the username and password")
    200 if (options.realm is not None):
    201    realm = options.realm
    202    
    203 # Generate the string to enter into the htdigest file
    204 kd = lambda x: md5(':'.join(x)).hexdigest()
    205 print ':'.join((options.username, realm, kd([options.username, realm, options.password])))
    206 }}}
    207 
    208 Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py):
    209 
    210 {{{#!sh
    211  $ python trac-digest.py -u username -p password >> c:\digest.txt
    212  $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name
     175Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`.  Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd. Windows Python can grok MD5 password hashes just fine and you should use MD5.
     176
     177Trac also provides `htpasswd` and `htdigest` scripts in `contrib`:
     178{{{#!sh
     179$ ./contrib/htpasswd.py -cb htpasswd user1 user1
     180$ ./contrib/htpasswd.py -b htpasswd user2 user2
     181}}}
     182
     183{{{#!sh
     184$ ./contrib/htdigest.py -cb htdigest trac user1 user1
     185$ ./contrib/htdigest.py -b htdigest trac user2 user2
    213186}}}
    214187
    215188==== Using `md5sum`
    216189It is possible to use `md5sum` utility to generate digest-password file:
    217 {{{
     190{{{#!sh
    218191user=
    219192realm=
     
    332305Run tracd:
    333306{{{#!sh
    334 tracd -p 8101 -r -s proxified --base-path=/project/proxified
     307tracd -p 8101 -s proxified --base-path=/project/proxified
    335308}}}
    336309