On Wednesday 01 November 2006 12:13, Emmanuel Blot wrote: > > As far as I get tell, the only understanding Trac has in terms of users > > is for authorization to various functions. That is, there is no list of > > user to which you can assign a ticket. As a result, one could assign the > > ticket to Anyone, even people who do not have access to the system. > > Not really.
As far as I can see, you can. If "restrict_owner=false", then I can put any user into the "assign to" field I want and a ticket is created. I assigned a ticket to [EMAIL PROTECTED] There is no such user. Thus "one could assign the ticket to Anyone, even people who do not have access to the system." > Trac manages "permissions" - who can do what, and the web server > manages "authentication" - verify that the user is allowed to access > the server, and provide the username to Trac > > If you activate the "restrict_owner" option (see the TracFaq for ex.), > nobody can assign a ticket to a non-existing user, as the "assign to" > free text field is replaced w/ a drop-down list filled w/ exising > usernames. That was part of the problem. You have to either know in advance that a drop-down list is possible and search for that phrase, or you have to quess and search for "drop-down". As I mention in another post, if you search for "Assign to" (as the field is labled on the NewTicket page), you do not find the "TracTickets" page. > > That is, the only users Trac knows about are the ones Apache > > knows about. Is that correct? > > Not fully. Apache does not actually "know" the users: it passes the > credentials (user / password) to an authentication backend. Apache > forwards the credentials, and authorizes or rejects the user based on > the response of the backend. If you use a LDAP backend for example, > you can add or remove users to the LDAP directory without changing > anything to the Apache configuration. You are being overly pendantic. > > Is there *currently* any other user administration functions? What > > is planned? > > There are some great plugins available: AccountManager for example, > that replaces the HTTP authentication with a custom authentication > scheme and manages the accounts: > http://trac-hacks.org/wiki/AccountManagerPlugin > > and the WebAdmin plugin (which will be part of the Trac core in the > next major release) allows to manage the Trac permissions from the web > interface. So there is nothing planned within Trac itself? Personally, I think that for any ticketing system account/user management should be part of the core product. Here we have two seperate "plugins", from apparently two separate sources to perform the single task "user management". To me that's not a good thing. Regards, Jim Mohr -- --------------------------------------- "Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden --------------------------------------- Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info --------------------------------------- NOTE: All messages sent to me in response to my posts to newsgroups, forums or mailing-lists are subject to reposting. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-users -~----------~----~----~----~------~----~------~--~---
