[Trac] account-manager, internal and external configuration

Fri, 16 Apr 2010 09:17:11 -0700 

Folks;
not sure whether this is sort of an FAQ, but at the very least I have not yet found a solution to _all_ my given problems running authenticated trac. Here's the scenario: We run a trac host internally which needs to be accessible from "the external internet", and access control should be more or less like this: 


- Users accessing trac from the public internet mustn't even be able to 
read anything inside the trac site, so at the moment we use HTTP-BASIC 
authentication to control site access.



- Internal users should be provided with read-only access to trac wiki 
pages, issues, ... .



- Internal users, however, should be required to login before doing any 
changes (posting issues, editing content, ...).



We run account-manager and web-admin plugins installed, trac itself runs 
in mod_python / apache 2.2 on an internal host which lives behind 
another apache 2.2 in reverse-proxy configuration. Right now, I enjoyed 
some quality time playing with various access control configurations in 
apache configuration ("order deny,allow", that kind of stuff), but not 
really to my satisfaction:



- Disabling HTTP-AUTH for local network altogether lets me access the 
site, but it doesn't provide me with some login facility anymore. 
Moreover, by then trying to manually enter ../login in the browser just 
ends up with an error like "No handler found for /login".



- Goin' with form-based login altogether, so far I didn't manage to find 
a way of keeping anonymous people from having read-only access to the site.



- Doing HTTP-AUTH on the reverse-proxy machine does most of what I want, 
but by then local users again do not have any way of how to log in to 
the trac installment.




Hmmmm... running out of options it seems, or maybe I just haven't yet 
found the right place where to peek. Can any kind soul provide some 
enlightenment about that?


TIA and all the best,
Kristian

--
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/trac-users?hl=en.























					Reply via email to