W. Martin Borgert wrote:
> Quoting Iain Buchanan<[EMAIL PROTECTED]>:
>> W. Martin Borgert wrote:
>>> Hi, I have created multiple trac instances for my projects. All are
>>> running via the same Apache server and WSGI. Authentication is done
>>> via AuthType Basic and the usual .htpasswd file. Every project has
>>> it's own set of users, but some users have accounts in more than one
>>> of the instances. So I don't want to add users globally to all
>>> projects. But it would be convenient, if a user could use the same
>>> password in all instances and a password change would reflect to all
>>> instances (maybe also preference changes). Is there some way to do
>>> this? TIA!
>> You can do this by sharing the .htpasswd file amongst all tracs.
>> However, you can't have a basic "authenticated" permission, otherwise
>> any authenticated user would have access to any trac.
>>
>> Instead you need to get rid of all permissions from "authenticated" and
>> add desired permissions to "users" for each trac.
>
> "users" is a trac-defined magic value, like "anonymous" or
> "authenticated"?
no, I don't think so. In reality, we used "staff" and some other
company names for the groups. Just create the permissions for the group
you want (no need to put "staff" in .htaccess):
> permission add staff TICKET_APPEND
> permission add staff TICKET_CREATE
This will just "create" a group called "staff". Then add users to it:
> permission add userfoo staff
And userfoo can now create and append tickets.
>> Then do a "permission
>> add userfoo users" in trac1 and "permission add userbar users" in trac2.
>> This gives userfoo access to trac1 and userbar access to trac2. (thats
>> trac-admin syntax, you could do it from the www interface too).
>
> One problem: I use the same .htpasswd files for both trac and the
> related SVN repositories. However, Apache/SVN do not care about
> trac permissions, right?
That's right, but the .htpasswd file doesn't store trac permissions,
only the users that can log on. Once you've logged on, trac looks up
what permissions you have elsewhere (not sure where it stores them).
> And it would be nice, to have the possibility of synchronising
> user preferences, e-mail address etc. as well.
Yes, this would be nice, but it is one drawback of the method I use.
HTH,
--
Iain Buchanan <iain at pcorp dot com dot au>
Gordon's first law:
If a research project is not worth doing, it is not worth doing well.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---
