I'm in the process of setting up a Trac server for my (small) company and need a little help/guidance with the authentication mechanism.
We have for a while developed our own web application, which our customers access in their daily work. It's built in PHP 5.3 and has a customer database stored in a MySQL database. I've been asked to look into the options for having Trac use our existing user database in order to keep user maintenance low. Do you have any suggestions or strategies for doing that?
Here's what I've come up with so far:
- Install Trac on our server (currently done with mysql/apache2/mod_python), and do not grant access to anybody on the internet.
- Write a PHP wrapper script that
  - Handles the authentication mechanism.
  - Passes the request to Trac with the username included.
- Trac handles the request as the specified user.
The problem is I'm not sure how to do step two.
To begin with, don't use mod_python; use mod_wsgi.
Second, there are several options for how to do authentication. One option might be to simply use mod_authn_dbd with a MySQL backend, keeping your authn in the apache2 config.
Third, look at Trac's AccountManager. It's one of the most useful Trac plugins (we use it at work), and can help you get this right. http://trac-hacks.org/wiki/AccountManagerPlugin
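A sketch of the mod_authn_dbd option mentioned in the answer above, added here as an illustration and not taken from the thread. The database name, the `users` table with its `username` and `password_hash` columns, the `trac_auth` account and the file paths are assumptions.

```apache
# Added example: Apache authenticates against the existing MySQL user table
# and Trac only sees the resulting REMOTE_USER. All names are hypothetical.

# mod_dbd connection pool. Use a dedicated MySQL account that has SELECT
# on the user table only, so a leaked vhost config exposes as little as possible.
DBDriver  mysql
DBDParams "host=localhost,dbname=webapp,user=trac_auth,pass=CHANGE_ME"
DBDMin     1
DBDKeep    2
DBDMax     10
DBDExptime 300

# Trac served through mod_wsgi, as the answer recommends (path is hypothetical).
WSGIScriptAlias /trac /srv/trac/cgi-bin/trac.wsgi

<Location /trac>
    # Basic auth sends the password with every request: serve this
    # location over HTTPS only.
    AuthType Basic
    AuthName "Trac"
    AuthBasicProvider dbd

    # %s is replaced with the submitted username as a bound parameter.
    # The first column returned must be a hash in a format Apache can verify
    # (for example crypt(), $apr1$ MD5 or {SHA}); hashes the PHP application
    # stores in any other format will not match and every login will fail.
    AuthDBDUserPWQuery "SELECT password_hash FROM users WHERE username = %s"

    Require valid-user
</Location>
```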
What you're looking for is called Single Sign-On.
Are you running Trac on Apache? In that case, it seems to be easy to take advantage of the user authentication interfaces (LDAP...) Apache can work with. Take a look at this conversation.
There are several SSO plugins available at Trac Hacks, among them an LDAP one.
Just a quick follow-up: I ended up using Carsten Fuchs' ScriptAuthPlugin (modifying it to md5-hash the password). Much like TracCoSign, all you need to provide is an address against which ScriptAuthPlugin can validate user credentials. Works nicely :-)