[EMAIL PROTECTED] said:
> ok, I see.
>
> Possibly there is a way to generate those .htdigest / .htpasswd files
> automated?
>
> This would be ok for the beginning, and would reduce effort.
I used something like this to let users set/modify their own passwords
in .htdigest, but no others. comments/security audits appreciated:
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char *argv[]) {
const char htdigest[] = "/usr/bin/htdigest";
struct passwd *pwd = getpwuid(geteuid());
if(!pwd) {
perror("getpwuid");
return EXIT_FAILURE;
}
execl(htdigest, "htdigest",
"/etc/apache2/htdigest-trac", "trac", pwd->pw_name,
(char *)NULL);
perror(htdigest);
return EXIT_FAILURE;
}
The idea is to make a group, call it tracpwd, make this program setgid
tracpwd (2755 root:tracpwd), make the htdigest file writable by this
group, and only allow htdigest to be called with set parameters. You
could probably do the same with sudo or something.
I suppose locking is called for, but this gets the job done.
Jason
_______________________________________________
Trac mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac
