close Warning: Error with navigation contributor "LoginModule"

Changes between Version 2 and Version 3 of TracStandalone


Ignore:
Timestamp:
Apr 26, 2012, 4:07:51 PM (13 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • TracStandalone

    v2 v3  
    8383 
    8484Use [http://trac-hacks.org/wiki/WindowsServiceScript WindowsServiceScript], available at [http://trac-hacks.org/ Trac Hacks]. Installs, removes, starts, stops, etc. your Trac service. 
     85 
     86=== Option 3 === 
     87 
     88also cygwin's cygrunsrv.exe can be used: 
     89{{{ 
     90$ cygrunsrv --install tracd --path /cygdrive/c/Python27/Scripts/tracd.exe --args '--port 8000 --env-parent-dir E:\IssueTrackers\Trac\Projects' 
     91$ net start tracd 
     92}}} 
    8593 
    8694== Using Authentication == 
     
    127135=== Basic Authorization: Using a htpasswd password file === 
    128136This section describes how to use `tracd` with Apache .htpasswd files. 
     137 
     138  Note: It is necessary (at least with Python 2.6) to install the fcrypt package in order to 
     139  decode the htpasswd format.  Trac source code attempt an `import crypt` first, but there 
     140  is no such package for Python 2.6. 
    129141 
    130142To create a .htpasswd file use Apache's `htpasswd` command (see [#GeneratingPasswordsWithoutApache below] for a method to create these files without using Apache): 
     
    261273See also [trac:TracOnWindowsIisAjp], [trac:TracNginxRecipe]. 
    262274 
     275=== Authentication for tracd behind a proxy 
     276It is convenient to provide central external authentication to your tracd instances, instead of using {{{--basic-auth}}}. There is some discussion about this in #9206. 
     277 
     278Below is example configuration based on Apache 2.2, mod_proxy, mod_authnz_ldap. 
     279 
     280First we bring tracd into Apache's location namespace. 
     281 
     282{{{ 
     283<Location /project/proxified> 
     284        Require ldap-group cn=somegroup, ou=Groups,dc=domain.com 
     285        Require ldap-user somespecificusertoo 
     286        ProxyPass http://localhost:8101/project/proxified/ 
     287        # Turns out we don't really need complicated RewriteRules here at all 
     288        RequestHeader set REMOTE_USER %{REMOTE_USER}s 
     289</Location> 
     290}}} 
     291 
     292Then we need a single file plugin to recognize HTTP_REMOTE_USER header as valid authentication source. HTTP headers like '''HTTP_FOO_BAR''' will get converted to '''Foo-Bar''' during processing. Name it something like '''remote-user-auth.py''' and drop it into '''proxified/plugins''' directory: 
     293{{{ 
     294#!python 
     295from trac.core import * 
     296from trac.config import BoolOption 
     297from trac.web.api import IAuthenticator 
     298 
     299class MyRemoteUserAuthenticator(Component): 
     300 
     301    implements(IAuthenticator) 
     302 
     303    obey_remote_user_header = BoolOption('trac', 'obey_remote_user_header', 'false',  
     304               """Whether the 'Remote-User:' HTTP header is to be trusted for user logins  
     305                (''since ??.??').""")  
     306 
     307    def authenticate(self, req): 
     308        if self.obey_remote_user_header and req.get_header('Remote-User'):  
     309            return req.get_header('Remote-User')  
     310        return None 
     311 
     312}}} 
     313 
     314Add this new parameter to your TracIni: 
     315{{{ 
     316... 
     317[trac] 
     318... 
     319obey_remote_user_header = true 
     320... 
     321}}} 
     322 
     323Run tracd: 
     324{{{ 
     325tracd -p 8101 -r -s proxified --base-path=/project/proxified 
     326}}} 
     327 
    263328=== Serving a different base path than / === 
    264329Tracd supports serving projects with different base urls than /<project>. The parameter name to change this is