95 | | Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (htpasswd and htdigest) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without htpasswd or htdigest; see below for alternatives) |
96 | | |
97 | | Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux) may go undetected. |
| 95 | Tracd allows you to run Trac without the need for Apache, but you can take advantage of Apache's password tools (`htpasswd` and `htdigest`) to easily create a password file in the proper format for tracd to use in authentication. (It is also possible to create the password file without `htpasswd` or `htdigest`; see below for alternatives) |
| 96 | |
| 97 | {{{#!div style="border: 1pt dotted; margin: 1em" |
| 98 | **Attention:** Make sure you place the generated password files on a filesystem which supports sub-second timestamps, as Trac will monitor their modified time and changes happening on a filesystem with too coarse-grained timestamp resolution (like `ext2` or `ext3` on Linux, or HFS+ on OSX). |
| 99 | }}} |
167 | | If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions. You'll be prompted for a password to enter for each user that you create. For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. |
| 169 | If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [https://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions. You'll be prompted for a password to enter for each user that you create. For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. |
173 | | Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`. Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd ; Windows Python can grok MD5 password hashes just fine and you should use MD5. |
174 | | |
175 | | You can use this simple Python script to generate a '''digest''' password file: |
176 | | |
177 | | {{{#!python |
178 | | from optparse import OptionParser |
179 | | # The md5 module is deprecated in Python 2.5 |
180 | | try: |
181 | | from hashlib import md5 |
182 | | except ImportError: |
183 | | from md5 import md5 |
184 | | realm = 'trac' |
185 | | |
186 | | # build the options |
187 | | usage = "usage: %prog [options]" |
188 | | parser = OptionParser(usage=usage) |
189 | | parser.add_option("-u", "--username",action="store", dest="username", type = "string", |
190 | | help="the username for whom to generate a password") |
191 | | parser.add_option("-p", "--password",action="store", dest="password", type = "string", |
192 | | help="the password to use") |
193 | | parser.add_option("-r", "--realm",action="store", dest="realm", type = "string", |
194 | | help="the realm in which to create the digest") |
195 | | (options, args) = parser.parse_args() |
196 | | |
197 | | # check options |
198 | | if (options.username is None) or (options.password is None): |
199 | | parser.error("You must supply both the username and password") |
200 | | if (options.realm is not None): |
201 | | realm = options.realm |
202 | | |
203 | | # Generate the string to enter into the htdigest file |
204 | | kd = lambda x: md5(':'.join(x)).hexdigest() |
205 | | print ':'.join((options.username, realm, kd([options.username, realm, options.password]))) |
206 | | }}} |
207 | | |
208 | | Note: If you use the above script you must set the realm in the `--auth` argument to '''`trac`'''. Example usage (assuming you saved the script as trac-digest.py): |
209 | | |
210 | | {{{#!sh |
211 | | $ python trac-digest.py -u username -p password >> c:\digest.txt |
212 | | $ tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name |
| 175 | Basic Authorization can be accomplished via this [http://aspirine.org/htpasswd_en.html online HTTP Password generator] which also supports `SHA-1`. Copy the generated password-hash line to the .htpasswd file on your system. Note that Windows Python lacks the "crypt" module that is the default hash type for htpasswd. Windows Python can grok MD5 password hashes just fine and you should use MD5. |
| 176 | |
| 177 | Trac also provides `htpasswd` and `htdigest` scripts in `contrib`: |
| 178 | {{{#!sh |
| 179 | $ ./contrib/htpasswd.py -cb htpasswd user1 user1 |
| 180 | $ ./contrib/htpasswd.py -b htpasswd user2 user2 |
| 181 | }}} |
| 182 | |
| 183 | {{{#!sh |
| 184 | $ ./contrib/htdigest.py -cb htdigest trac user1 user1 |
| 185 | $ ./contrib/htdigest.py -b htdigest trac user2 user2 |