Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Trac: Users

logout

  

 
Trac users RSS feed   Index | Next | Previous | View Threaded


dominik.riva at update

May 14, 2008, 7:39 AM

Post #1 of 8 (259 views)
Permalink
logout
Hi

I can't logout of Trac 0.11b1, better yet I should not even be logged
in!

The whole trac (multi projects) runs in one wsgi instance that is
protected by a .htpasswd file. One project I changed to use the
AccountManagerPlugin 0.2dev-r3111 (disabled trac.web.auth.loginmodule)
but this enables only the administration of the .htpasswd file, as the
user is still logged in only by authentication with the server :(

> [account-manager]
> password_file = /Library/WebServer/Documents/trac/.htpasswd
> password_store = HtPasswdStore
>
> [components]
> acct_mgr.admin.accountmanageradminpage = enabled
> acct_mgr.api.accountmanager = enabled
> acct_mgr.db.sessionstore = disabled
> acct_mgr.htfile.abstractpasswordfilestore = enabled
> acct_mgr.htfile.htdigeststore = disabled
> acct_mgr.htfile.htpasswdstore = enabled
> acct_mgr.http.httpauthstore = disabled
> acct_mgr.pwhash.htdigesthashmethod = enabled
> acct_mgr.pwhash.htpasswdhashmethod = enabled
> acct_mgr.svnserve.svnservepasswordstore = disabled
> acct_mgr.web_ui.accountmodule = enabled
> acct_mgr.web_ui.loginmodule = enabled
> acct_mgr.web_ui.registrationmodule = enabled
> trac.web.auth.loginmodule = disabled


Regards and thanks for all ideas

Dominik Riva | Technik
update AG - Agentur fuer Kommunikation | Seefeldstrasse 5a | CH-8008
Zurich
Tel. +41 44 266 50 10 | Direkt +41 44 266 50 19 | Fax +41 44 266 50 11
mailto:dominik.riva[at]update.ch | Website http://www.update.ch


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---


kantrn at rpi

May 14, 2008, 7:42 AM

Post #2 of 8 (254 views)
Permalink
Re: logout [In reply to]
Dominik Riva wrote:
> Hi
>
> I can't logout of Trac 0.11b1, better yet I should not even be logged
> in!
>
> The whole trac (multi projects) runs in one wsgi instance that is
> protected by a .htpasswd file. One project I changed to use the
> AccountManagerPlugin 0.2dev-r3111 (disabled trac.web.auth.loginmodule)
> but this enables only the administration of the .htpasswd file, as the
> user is still logged in only by authentication with the server :(

You also need to remove the authentication config from your server.

--Noah
Attachments: signature.asc (0.24 KB)


dominik.riva at update

May 14, 2008, 7:50 AM

Post #3 of 8 (254 views)
Permalink
Re: logout [In reply to]
Am 14.05.2008 um 16:42 schrieb Noah Kantrowitz:

> Dominik Riva wrote:
>> Hi
>> I can't logout of Trac 0.11b1, better yet I should not even be
>> logged in!
>> The whole trac (multi projects) runs in one wsgi instance that is
>> protected by a .htpasswd file. One project I changed to use the
>> AccountManagerPlugin 0.2dev-r3111 (disabled
>> trac.web.auth.loginmodule) but this enables only the
>> administration of the .htpasswd file, as the user is still logged
>> in only by authentication with the server :(
>
> You also need to remove the authentication config from your server.
>
> --Noah

Not possible as it needs to be a secret on what projects we are
working or does the AccountManagerPlugin protect the project listing?

Dominik Riva | Technik
update AG - Agentur fuer Kommunikation | Seefeldstrasse 5a | CH-8008
Zurich
Tel. +41 44 266 50 10 | Direkt +41 44 266 50 19 | Fax +41 44 266 50 11
mailto:dominik.riva[at]update.ch | Website http://www.update.ch


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---


kantrn at rpi

May 14, 2008, 8:00 AM

Post #4 of 8 (254 views)
Permalink
Re: logout [In reply to]
Dominik Riva wrote:
> Am 14.05.2008 um 16:42 schrieb Noah Kantrowitz:
>
>> Dominik Riva wrote:
>>> Hi
>>> I can't logout of Trac 0.11b1, better yet I should not even be
>>> logged in!
>>> The whole trac (multi projects) runs in one wsgi instance that is
>>> protected by a .htpasswd file. One project I changed to use the
>>> AccountManagerPlugin 0.2dev-r3111 (disabled
>>> trac.web.auth.loginmodule) but this enables only the
>>> administration of the .htpasswd file, as the user is still logged
>>> in only by authentication with the server :(
>> You also need to remove the authentication config from your server.
>>
>> --Noah
>
> Not possible as it needs to be a secret on what projects we are
> working or does the AccountManagerPlugin protect the project listing?

Then you are still using HTTP authentication, and therefore have no
logout ability. You can look into using TracForge, as its enhanced
project listing page supports hiding projects based on permissions.

--Noah
Attachments: signature.asc (0.24 KB)


dominik.riva at update

May 14, 2008, 8:26 AM

Post #5 of 8 (254 views)
Permalink
Re: logout [In reply to]
Am 14.05.2008 um 17:00 schrieb Noah Kantrowitz:
>
> Then you are still using HTTP authentication, and therefore have no
> logout ability. You can look into using TracForge, as its enhanced
> project listing page supports hiding projects based on permissions.
>
> --Noah


So trac.web.auth.loginmodule is as useful as an vermiform appendix or
do I miss some thing?

Dominik Riva | Technik
update AG - Agentur fuer Kommunikation | Seefeldstrasse 5a | CH-8008
Zurich
Tel. +41 44 266 50 10 | Direkt +41 44 266 50 19 | Fax +41 44 266 50 11
mailto:dominik.riva[at]update.ch | Website http://www.update.ch


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---


kantrn at rpi

May 14, 2008, 8:40 AM

Post #6 of 8 (253 views)
Permalink
Re: logout [In reply to]
Dominik Riva wrote:
> Am 14.05.2008 um 17:00 schrieb Noah Kantrowitz:
>> Then you are still using HTTP authentication, and therefore have no
>> logout ability. You can look into using TracForge, as its enhanced
>> project listing page supports hiding projects based on permissions.
>>
>> --Noah
>
>
> So trac.web.auth.loginmodule is as useful as an vermiform appendix or
> do I miss some thing?

LoginModule is what grants you a session cookie based on the value of
REMOTE_USER. If in future requests REMOTE_USER isn't set, the session
cookie can provide the username. You have authentication enforced
everywhere, not just /login, so REMOTE_USER will always be available,
and the session cookies are superfluous. AccountManager's form-based
LoginModule inherits from the core one, and so follows the same
behavior. If REMOTE_USER is set, it will always be used before anything
else.

--Noah
Attachments: signature.asc (0.24 KB)


dominik.riva at update

May 14, 2008, 8:52 AM

Post #7 of 8 (253 views)
Permalink
Re: logout [In reply to]
Am 14.05.2008 um 17:40 schrieb Noah Kantrowitz:

> Dominik Riva wrote:
>> Am 14.05.2008 um 17:00 schrieb Noah Kantrowitz:
>>> Then you are still using HTTP authentication, and therefore have
>>> no logout ability. You can look into using TracForge, as its
>>> enhanced project listing page supports hiding projects based on
>>> permissions.
>>>
>>> --Noah
>> So trac.web.auth.loginmodule is as useful as an vermiform appendix
>> or do I miss some thing?
>
> LoginModule is what grants you a session cookie based on the value
> of REMOTE_USER. If in future requests REMOTE_USER isn't set, the
> session cookie can provide the username. You have authentication
> enforced everywhere, not just /login, so REMOTE_USER will always be
> available, and the session cookies are superfluous. AccountManager's
> form-based LoginModule inherits from the core one, and so follows
> the same behavior. If REMOTE_USER is set, it will always be used
> before anything else.
>
> --Noah
>

Thank you for the explanation. How stable is this TracForge?

I don't want to risk any thing on this Trac beta on OS X 10.4 Client -
needs a reboot to find plugins - needed a week of fiddling before it
worked - system in production (don't ask).

Dominik Riva | Technik
update AG - Agentur fuer Kommunikation | Seefeldstrasse 5a | CH-8008
Zurich
Tel. +41 44 266 50 10 | Direkt +41 44 266 50 19 | Fax +41 44 266 50 11
mailto:dominik.riva[at]update.ch | Website http://www.update.ch


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac Users" group.
To post to this group, send email to trac-users[at]googlegroups.com
To unsubscribe from this group, send email to trac-users-unsubscribe[at]googlegroups.com
For more options, visit this group at http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---


kantrn at rpi

May 14, 2008, 9:13 AM

Post #8 of 8 (253 views)
Permalink
Re: logout [In reply to]
Dominik Riva wrote:
> Am 14.05.2008 um 17:40 schrieb Noah Kantrowitz:
>
>> Dominik Riva wrote:
>>> Am 14.05.2008 um 17:00 schrieb Noah Kantrowitz:
>>>> Then you are still using HTTP authentication, and therefore have
>>>> no logout ability. You can look into using TracForge, as its
>>>> enhanced project listing page supports hiding projects based on
>>>> permissions.
>>>>
>>>> --Noah
>>> So trac.web.auth.loginmodule is as useful as an vermiform appendix
>>> or do I miss some thing?
>> LoginModule is what grants you a session cookie based on the value
>> of REMOTE_USER. If in future requests REMOTE_USER isn't set, the
>> session cookie can provide the username. You have authentication
>> enforced everywhere, not just /login, so REMOTE_USER will always be
>> available, and the session cookies are superfluous. AccountManager's
>> form-based LoginModule inherits from the core one, and so follows
>> the same behavior. If REMOTE_USER is set, it will always be used
>> before anything else.
>>
>> --Noah
>>
>
> Thank you for the explanation. How stable is this TracForge?
>
> I don't want to risk any thing on this Trac beta on OS X 10.4 Client -
> needs a reboot to find plugins - needed a week of fiddling before it
> worked - system in production (don't ask).

It is not considered production-ready for 0.11. That particular feature
works fine, however others have issues and there is no documentation for
the 0.11 branch yet.

--Noah
Attachments: signature.asc (0.24 KB)

Trac users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.