| 62 | Tracd provides support for both Basic and Digest authentication. The default is to use Digest; to use Basic authentication, replace `--auth` with `--basic-auth` in the examples below. (You must still specify a dialogic "realm", which can be an empty string by trailing the BASICAUTH with a comma.) |
| 63 | |
| 64 | ''Support for Basic authentication was added in version 0.9.'' |
| 65 | |
| 66 | The general format for using authentication is: |
| 67 | |
| 68 | {{{ |
| 69 | $ tracd -p port --auth=base_project_dir,password_file_path,realm project_path |
| 70 | }}} |
| 71 | |
| 72 | where: |
| 73 | |
| 74 | * '''base_project_dir''' is the base directory of the project; note: this doesn't refer to the project name, and it is case-sensitive even for windows environments |
| 75 | * '''password_file_path''' path of the password file |
| 76 | * '''realm''' realm |
| 77 | * '''project_path''' path of the project |
| 78 | |
| 79 | Example: |
| 80 | |
| 81 | {{{ |
| 82 | $ tracd -p 8080 \ |
| 83 | --auth=project1,/path/to/users.htdigest,mycompany.com /path/to/project1 |
| 84 | }}} |
| 85 | Of course, the digest file can be be shared so that it is used for more than one project: |
| 86 | {{{ |
| 87 | $ tracd -p 8080 \ |
| 88 | --auth=project1,/path/to/users.htdigest,mycompany.com \ |
| 89 | --auth=project2,/path/to/users.htdigest,mycompany.com \ |
| 90 | /path/to/project1 /path/to/project2 |
| 91 | }}} |
| 92 | |
| 93 | Another way to share the digest file is to specify "*" |
| 94 | for the project name: |
| 95 | {{{ |
| 96 | $ tracd -p 8080 \ |
| 97 | --auth=*,/path/to/users.htdigest,mycompany.com \ |
| 98 | /path/to/project1 /path/to/project2 |
| 99 | }}} |
| 100 | |
| 101 | == How to set up an htdigest password file == |
| 102 | |
| 103 | If you have Apache available, you can use the htdigest command to generate the password file. Type 'htdigest' to get some usage instructions, or read [http://httpd.apache.org/docs/2.0/programs/htdigest.html this page] from the Apache manual to get precise instructions. You'll be prompted for a password to enter for each user that you create. For the name of the password file, you can use whatever you like, but if you use something like `users.htdigest` it will remind you what the file contains. As a suggestion, put it in your <projectname>/conf folder along with the [TracIni trac.ini] file. |
| 104 | |
| 105 | Note that you can start tracd without the --auth argument, but if you click on the ''Login'' link you will get an error. |
| 106 | |
| 107 | == Generating Passwords Without Apache == |
| 108 | |
| 109 | If you don't have Apache available, you can use this simple Python script to generate your passwords: |
| 110 | |
| 111 | {{{ |
| 112 | #!python |
| 113 | from optparse import OptionParser |
| 114 | import md5 |
| 115 | |
| 116 | # build the options |
| 117 | usage = "usage: %prog [options]" |
| 118 | parser = OptionParser(usage=usage) |
| 119 | parser.add_option("-u", "--username",action="store", dest="username", type = "string", |
| 120 | help="the username for whom to generate a password") |
| 121 | parser.add_option("-p", "--password",action="store", dest="password", type = "string", |
| 122 | help="the password to use") |
| 123 | (options, args) = parser.parse_args() |
| 124 | |
| 125 | # check options |
| 126 | if (options.username is None) or (options.password is None): |
| 127 | parser.error("You must supply both the username and password") |
| 128 | |
| 129 | # Generate the string to enter into the htdigest file |
| 130 | realm = 'trac' |
| 131 | kd = lambda x: md5.md5(':'.join(x)).hexdigest() |
| 132 | print ':'.join((options.username, realm, kd([options.username, realm, options.password]))) |
| 133 | }}} |
| 134 | |
| 135 | Note: If you use the above script you must use the --auth option to tracd, not --basic-auth, and you must set the realm in the --auth value to 'trac' (without the quotes). Example usage (assuming you saved the script as trac-digest.py): |
| 136 | |
| 137 | {{{ |
| 138 | python trac-digest.py -u username -p password >> c:\digest.txt |
| 139 | tracd --port 8000 --auth=proj_name,c:\digest.txt,trac c:\path\to\proj_name |
| 140 | }}} |
| 141 | |
| 142 | Note: If you would like to use --basic-auth you need to use htpasswd tool from apache server to generate .htpasswd file. The remaining part is similar but make sure to use empty realm (i.e. coma after path). When using on Windows make sure to use -m option for it (did not tested it on *nix, so not sure if that is the case there). If you do not have Apache, [trac:source:/tags/trac-0.11b2/contrib/htpasswd.py htpasswd.py] may help. (Note that it requires a `crypt` or `fcrypt` module; see the source comments for details.) |
| 143 | |
| 144 | It is possible to use md5sum utility to generate digest-password file using such method: |
| 145 | {{{ |
| 146 | echo -e "${user}:trac:${password}\c" | md5sum - >>to-file |
| 147 | }}} |
| 148 | and manually delete " -" from the end and add "${user}:trac:" to the start of line from 'to-file'. You can see attachment:trac-digest-corrected.sh for detail. |
| 149 | |
| 150 | == Tips == |
| 151 | |
| 152 | === Serving static content === |
| 153 | |
| 154 | If `tracd` is the only webserver used for the project, |
| 155 | it can also be used to distribute static content |
| 156 | (tarballs, Doxygen documentation, etc.) |
| 157 | |
| 158 | This static content should be put in the `$TRAC_ENV/htdocs` folder, |
| 159 | and is accessed by URLs like `<project_URL>/chrome/site/...`. |
| 160 | |
| 161 | Example: given a `$TRAC_ENV/htdocs/software-0.1.tar.gz` file, |
| 162 | the corresponding relative URL would be `/<project_name>/chrome/site/software-0.1.tar.gz`, |
| 163 | which in turn can be written using the relative link syntax |
| 164 | in the Wiki: `[/<project_name>/chrome/site/software-0.1.tar.gz]` |
| 165 | |
| 166 | The development version of Trac supports a new `htdocs:` TracLinks |
| 167 | syntax for the above. With this, the example link above can be written simply |
| 168 | `htdocs:software-0.1.tar.gz`. |
| 169 | |
| 170 | === Using apache rewrite rules === |
| 171 | In some situations when you choose to use tracd behind apache, you might experience issues with redirects, like being redirected to URLs with the wrong host or protocol. In this case (and only in this case), setting the `[trac] use_base_url_for_redirect` to `true` can help, as this will force Trac to use the value of `[trac] base_url` for doing the redirects. |
| 172 | |
| 173 | === Serving a different base path than / === |
| 174 | Tracd supports serving projects with different base urls then /<project>. The parameter name to change this is |
| 175 | {{{ |
| 176 | tracd --base-path=/some/path |
| 177 | }}} |
| 178 | |