On Mon, Feb 16, 2009 at 4:54 PM, <[email protected]> wrote: >> > Hi,
Hi ... >> > One of the first things I do after setting up a Trac project on Apache >> > is to create a .htpasswd file with a user, say TracAdmin, and then >> > give that user TRAC_ADMIN rights. >> ... JFYI ... recently what I did was to use Trac + LDAP ... In this case users are already there (e.g. in MSAD | OpenLDAP dirs ;) but I still need to grant TRAC_ADMIN rights to at least one user ... however I saw somewhere in cyberspace some kind of SuperUserPlugin (... check out TH ;) which allows you to grant him TRAC_ADMIN rights to each and every Trac env (well ... at least that's the idea ... I have not tried it yet ... so tell us about your experience, if you ever use it ...). >> > However, didn't quite like the .htpasswd mechanism ... we are two now ... ;) >> > - since for every >> > user that I needed to add, I had to log into the server and add 'em. >> > And password management was a nightmare. >> Admins manage passwords (.htpassw ;) using users admin page in AccountManager plugin. Users change their own passw in account settings tab in preferences page (... CMIIW ...) >> > I looked up AccountManagerPlugin, and looked like it made my life >> > easier. Ooops ... >> > Installed it, and then enabled these components: >> > AccountManagerAdminPage, AccountManager, SessionStore, >> > AccountChangeListener, AccountChangeNotificationAdminPanel, >> > HtPasswdHashMethod, AccountModule, EmailVerificationModule, >> > LoginModule, RegistrationModule. >> >> > I intended to use SessionStore with HtPasswdHashMethod to keep track >> > of my users and their passwords. The AccountManagerPlugin wiki says >> > (here,http://trac-hacks.org/wiki/AccountManagerPlugin#LoginModule) >> > that, to use the Login Module, I need to disable HTTP based >> > authentication provided by Apache. >> Nop ... in my case I delegate auth to Apache and I use AccountManagerPlugin ... What happened in my case was that users could not logout off the site. That's why they recommend disabling default LoginModule and enabling AccountManagerPlugin's in order to use form-based auth. However, IMO, this is Trac limitation, IMO again a missing feature :( That's why I coded my own login modules (yes ... they are three so far ...). I have not announced them yet since IMO they are still in alpha stage ... but they behave pretty well (... with HTTP Digest auth ;) ... and they effectively log users out off Trac site ... >> > My question: >> >> > If I were to enable AccountManagerPlugin before creating any users, >> > how do I go about creating the first user with TRAC_ADMIN rights?? >> - Perhaps using SuperUserPlugin. - Perhaps using LDAP groups. - Another idea ... it is possible to implement a Trac component hooking IEnvironmentSetupParticipant to grant TRAC_ADMIN rights to this single user (and optionally create the user if it does not exists ... but this is not mandatory ;). I dont know if this is the way SuperUserPlugin behaves itself ... anyway ... Else this is some kind of chicken egg situation ... and the only solution I see so far is using $ trac-admin <env> permission add <myuser_group> TRAC_ADMIN Pls ... tell us about your research and results ... ;) -- Regards, Olemis. Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article: --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/trac-users?hl=en -~----------~----~----~----~------~----~------~--~---
