Recently at HTG, we needed to allow anonymous access for creating Trac tickets. This is all well and good if you are using Trac with its own built-in authentication; however, it gets a little more hairy when you are trying to use PAM for authentication. The big gain from PAM is that our developers only need 1 password for login to the box, login to SVN, and login to Trac. I could have figured this out a lot sooner if I’d read the documentation better; however, that’s not a typical engineer/hacker attitude. Also, I couldn’t find this through Google, because so many people have “provided by ‘Trac’” in their pages that sifting just took forever. Anyway, here’s our setup for PAM authentication (this goes in your location /projects tag):
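<location /projects>
# Serve every Trac environment under /opt/trac through mod_python
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /opt/trac
PythonOption TracUriRoot "/projects"
# PythonDebug sends Python tracebacks to the browser
PythonDebug on
PythonPath "sys.path + ['/opt/trac']"
# HTTP Basic auth checked against PAM, limited to the admin group
AuthType Basic
AuthName "Dev"
AuthPAM_Enabled on
Require group admin
</location>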
Pretty simple, it just sets up our generic stuff. This is what I had to change to get anonymous access AND HTTP basic auth when you click the little login button (our Trac is set up so anonymous can read the how-to’s in the wiki, but nothing else).
<location /projects>
# No auth directives here, so the project pages are reachable anonymously
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /opt/trac
PythonOption TracUriRoot "/projects"
PythonPath "sys.path + ['/opt/trac']"
# AuthType Basic
# AuthName "Dev"
# AuthPAM_Enabled on
# Require group admin
</location>
<location /projects/*/login>
# Only the login URL of each project asks for Basic auth via PAM
SetHandler mod_python
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /opt/trac
PythonOption TracUriRoot "/projects"
PythonPath "sys.path + ['/opt/trac']"
AuthType Basic
AuthName "Dev"
AuthPAM_Enabled on
Require group admin
</location>
There is probably some repeated stuff in there, but it doesn’t seem to break things. Hope this helps someone else out there looking to do the same thing. As a side note, this is not generally a good idea, since you are sending basic auth (i.e. plain text) login info over unencrypted connections, and with PAM that is the same password used to log in to the box.
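One way to address the caveat above, as an added example rather than the author's own configuration: accept the Basic auth login only over TLS. It assumes mod_ssl and mod_rewrite are loaded; the hostname trac.example.com and the certificate paths are placeholders.

```apache
# Added example (not from the original post). Placeholders: trac.example.com
# and the certificate paths. Assumes mod_ssl and mod_rewrite are loaded.

<VirtualHost *:80>
    ServerName trac.example.com

    # Never prompt for the PAM password over plain HTTP:
    # send each project's login URL to the HTTPS virtual host.
    RewriteEngine On
    RewriteRule ^/projects/[^/]+/login https://trac.example.com%{REQUEST_URI} [R=302,L]

    # Anonymous browsing, as in the post. No Auth* directives on port 80.
    <Location /projects>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir /opt/trac
        PythonOption TracUriRoot "/projects"
        PythonPath "sys.path + ['/opt/trac']"
    </Location>
</VirtualHost>

<VirtualHost *:443>
    ServerName trac.example.com
    SSLEngine on
    SSLCertificateFile /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    <Location /projects>
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir /opt/trac
        PythonOption TracUriRoot "/projects"
        PythonPath "sys.path + ['/opt/trac']"
    </Location>

    # Matching <Location> sections are merged, so the handler settings above
    # still apply here; this block only adds the authentication.
    <Location /projects/*/login>
        # Refuse the request outright if it somehow arrives without TLS
        SSLRequireSSL
        AuthType Basic
        AuthName "Dev"
        AuthPAM_Enabled on
        Require group admin
    </Location>
</VirtualHost>
```

Trac keeps the logged-in session in a cookie after this exchange, so serving all of /projects from the HTTPS virtual host protects that as well.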
Update: Stupid WordPress wasn’t auto-escaping the code correctly. If you view it now, you should be able to see the location tags used in the Apache configuration.
Aaron says:
Thanks!! This helped me get PAM setup on my home projects. I was getting tired of the idea of using random authentication files everywhere. I’ve got SVN setup w/ PAM (via apache) and now trac is too! Thanks again!
2 May 2007, 1:54 pm
Wyatt says:
No problem, that’s why I put these up. I hate it when I have to search forever trying to find this crap, so if I can make it easier for one other person to figure it out, it was worth the pain to figure it out.
2 May 2007, 10:43 pm
Glenn Ruben Bakke says:
Nice!!! Love your post here.. it helped me from giving up. I have been struggling with this for hours now, but your solution made it!
6 August 2007, 2:39 pm
Eldar says:
Thanks – that actually helped me setup trac w/ apache on windows w/ similar permissions as yours.
2 June 2008, 10:08 pm