Opened 15 years ago
Last modified 8 years ago
#5550 new enhancement
Enable use of multiple htpasswd files
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | normal | Component: | AccountManagerPlugin |
Severity: | normal | Keywords: | htpasswd file |
Cc: | Trac Release: | 0.11 |
Description
Hi, I have a setup with multiple htpasswd files per project: one for internal developers, shared among many projects, and one file per project for external developers. Is it possible to add more than one htpasswd file to the account manager? By doing so, all users (internal and external) could change their password within Trac.
Attachments (0)
Change History (7)
comment:1 Changed 14 years ago by
Keywords: | htpasswd file added |
---|---|
Summary: | Enabble multiple htpasswd files → Enable use of multiple htpasswd files |
comment:2 Changed 14 years ago by
Keywords: | needinfo added |
---|---|
Owner: | changed from Matt Good to Steffen Hoffmann |
Would you dare to comment to my recently raised questions here, please?
I can't make promises about an implementation right now, but it's much more likely to miss expectations without feedback from your side.
comment:3 Changed 14 years ago by
Sorry for the late answer; I missed the first mail from Trac.
One solution to implement this could be to specify one shared password file and one project password file. Password changes should always be written to the file where the password was stored before. New entries are added only by the admin in my case, so he could specify to which file the new user should be added. Duplicates could be a problem, but again, in my case the admin should take care of this problem. The plugin could ignore all duplicates. Another solution would be to specify priorities of the password files, and entries from higher-priority files overwrite entries from the other files.
comment:4 follow-up: 6 Changed 14 years ago by
Keywords: | needinfo removed |
---|---|
Status: | new → assigned |
Ok, thanks for your feedback.
This assures me that you're still interested in this feature, and makes it a little clearer how you think it should work.
Meanwhile I've thought it over, and this is my proposal:
- stick to `password_file` option, but allow to optionally parse it as a list in addition to basic string content, i.e. if a comma is detected
- first list item `password_file[0]` will always be the «primary» file, that takes precedence and will receive new entries, while I assume that it's just fine to update passwords in any file provided as authentication information resource
- behavior on duplicated entries has to be investigated and ensured to be consistent and essentially nothing special for any config case; after all even duplicated lines in one AuthStore have to be handled
- without explicit request to update a password, there shouldn't be any action like overwriting different looking passwords in different AuthStores (due to the nature of hashed passwords you never know, without checking in parallel against the valid password, if they are really different or matching but with different salt!)
We might even allow for any number of a mix of password files in htdigest and htpasswd format, but this is a different story, as we already have #4677 for that feature.
comment:5 Changed 14 years ago by
As I use the webserver for authentication, I don't know how it handles duplicate entries in the passwd files. So maybe the duplicate user can't log in anymore? It would be nice if the plugin displayed a warning if duplicate entries were found in the files.
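The behaviour discussed in comment:3 to comment:5, as an added example that is not part of the ticket or of AccountManagerPlugin's code: files are read in precedence order, the first entry for a user wins, later duplicates are reported instead of merged, a password change goes to the file holding the effective entry, and new users go to the primary file. The function names, file names and placeholder hashes are assumptions made for illustration.

```python
import os
import tempfile

# Constructed sample (placeholder hashes): shared file first, then a project file.
SAMPLE = {"shared.htpasswd": "alice:$apr1$PLACEHOLDER1\n",
          "project.htpasswd": "alice:$apr1$PLACEHOLDER2\nbob:$apr1$PLACEHOLDER3\n"}

def write_sample(dirpath):
    paths = [os.path.join(dirpath, fname) for fname in SAMPLE]
    for path in paths:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE[os.path.basename(path)])
    return paths

def load_stores(paths):
    """Parse htpasswd files in precedence order; paths[0] is the primary file.
    Returns ({user: (path, hash)}, [(path, lineno, user, winning_path), ...])."""
    users, duplicates = {}, []
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for lineno, line in enumerate(fh, 1):
                name, sep, pw_hash = line.strip().partition(":")
                if not (sep and name) or name.startswith("#"):
                    continue  # blank, malformed or comment line
                if name in users:
                    # Salted hashes cannot be compared for equality, so a
                    # duplicate is only reported, never merged or overwritten.
                    duplicates.append((path, lineno, name, users[name][0]))
                else:
                    users[name] = (path, pw_hash)
    return users, duplicates

def set_password_hash(paths, name, new_hash):
    """Update name's effective entry, or append a new user to the primary file."""
    users, _ = load_stores(paths)
    path = users[name][0] if name in users else paths[0]
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    for i, line in enumerate(lines):
        if line.strip().partition(":")[:2] == (name, ":"):
            lines[i] = "%s:%s" % (name, new_hash)  # first match only
            break
    else:
        lines.append("%s:%s" % (name, new_hash))
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(lines) + "\n")
    os.chmod(tmp, os.stat(path).st_mode & 0o7777)  # keep the file's permissions
    os.replace(tmp, path)  # atomic swap: readers never see a partial file
    return path
```

Calling `write_sample()` on an empty directory and passing the returned list to `load_stores()` reports the second `alice` entry as a duplicate while leaving it in place.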
comment:6 Changed 14 years ago by
Replying to hasienda:
> - stick to `password_file` option, but allow to optionally parse it as a list in addition to basic string content, i.e. if a comma is detected

I changed my mind while coding to resolve #4677 lately. Now I'm recommending per-store options like `htpasswd_file` and will dump the generic `password_file` altogether soon (now speaking of yet-unpublished code for next release).

> We might even allow for any number of a mix of password files in htdigest and htpasswd format, but this is a different story, as we already have #4677 for that feature.

Again, concurrent files for different stores are one issue (#4677), and multiple files per store is another one.
Multiple files per store are not supported now, up to and including acct_mgr-0.3, but should be resolved for the next release. However, it'll require substantial code changes to make it happen. Suggestions and patches welcome.
comment:7 Changed 8 years ago by
Owner: | Steffen Hoffmann deleted |
---|---|
Status: | assigned → new |
Not implemented by now, and there are some major issues to be cleared before:
While I understand your intention, I guess the one-file solution is still a good thing. Maybe you could still limit access for external users to only one project by other means? Maybe something like realms for htdigest, but currently I don't know much about this anyway.