Question
I am using Trac 0.12.3 in a multi-project setup with Subversion and am using AccountManagerPlugin from the trunk. The default index page lists all the project directories and clicking on any of them takes me to the Trac page for that project. When I try to log in, I am successfully authenticated, however, coming to another project needs me to log in again. I wanted to use single sign-on and followed the steps mentioned at http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration#SingleSignOn
It always asks me to sign in for every project.
My apache config:
<VirtualHost *:80>
    ServerName trac.myproject.com
    ServerAdmin your@email.com
    DocumentRoot /trac
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory />
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
    <Location /svn>
        DAV svn
        SVNParentPath /svn
        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /etc/svnauth
        Require valid-user
        AuthzSVNAccessFile /etc/svnaccess
    </Location>
    <LocationMatch "/.+">
        SetHandler mod_python
        PythonHandler trac.web.modpython_frontend
        PythonOption TracEnvParentDir /trac/
        PythonOption TracUriRoot /
        #AuthType Basic
        #AuthName "Trac"
        #AuthUserFile /etc/svnauth
        #Require valid-user
    </LocationMatch>
</VirtualHost>
Trac.ini file, from which all the other project specific trac.ini files are inherited:
[trac]
trac_auth = /trac/cookie
trac_auth_session = /trac/session
#I have also tried setting it as trac_auth_cookie = /trac/cookie

[header_logo]
alt = Logo
height = -1
link = /
src = http://projects.hostgeyser.com/templates/frost/images/logo%20250%20x%2089_new.png
width = -1

[components]
acct_mgr.admin.* = enabled
acct_mgr.api.* = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.pwhash.htpasswdhashmethod = disabled
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.* = enabled
trac.web.auth.loginmodule = disabled
acct_mgr.http.httpauthstore = enabled

[account-manager]
password_store = HtPasswdStore
htpasswd_hash_type = md5
htpasswd_file = /etc/svnauth
Answer 1:
You can't mix authentication as you do here:
- Apache config by AuthType Basic
- AccountManager LoginModule (enabled by acct_mgr.web_ui.* = enabled)
Decide for only one of these. If you want SSO from AcctMgr, then stick to auth_cookie_path = <all-env-common-basepath>. The wiki page TracIni has all valid configuration keys for your Trac application, which is Trac environment-specific, depending on enabled components and installed Trac plugins.
Answer 2:
Double-tricky. I just tapped into the same gaffes. Documentation (as well as hasienda's answer) speaks of a "base-path", which easily lets one think about the file-system (and something like the session files used by PHP sessions). That's mistake number one: It's the URL path to the trac parent environment. So if your trac projects are using something like http://www.example.org/trac/<project>, your setting must be auth_cookie_path = /trac.
Second trap: Old cookies remaining in the browser. Though I finally adjusted my auth_cookie_path as described above, I was still unable to authenticate. There was an old trac_auth cookie from one project sitting in my jar. After I removed that one, it started working like a charm!
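The two traps described in Answer 2, modelled with the browser's cookie path-matching rule from RFC 6265; this is an added example, not code from the answers or from Trac. The project paths, token values and sample trac.ini fragments are constructed, and the per-environment default used when auth_cookie_path is unset is an assumption.

```python
import configparser

def path_match(cookie_path, request_path):
    """RFC 6265 sec. 5.1.4: is a cookie with this Path sent to request_path?"""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def effective_cookie_path(ini_text, env_url_path):
    """Path attribute of trac_auth for a login at env_url_path.
    Assumption: if auth_cookie_path is unset, the cookie is scoped to the
    environment's own URL path."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    return cp.get("trac", "auth_cookie_path", fallback="").strip() or env_url_path

def sso_report(ini_text, env_url_paths):
    """(login_env, visited_env) -> True if the login cookie is sent there."""
    report = {}
    for src in env_url_paths:
        path = effective_cookie_path(ini_text, src)
        for dst in env_url_paths:
            report[(src, dst)] = path_match(path, dst)
    return report

def cookies_sent(jar, request_path):
    """Values sent for request_path, longest Path first (RFC 6265 sec. 5.4)."""
    hits = [c for c in jar if path_match(c[0], request_path)]
    return [value for _, value in sorted(hits, key=lambda c: -len(c[0]))]

# Constructed sample data (hypothetical project names and token values).
ENVS = ["/trac/alpha", "/trac/beta"]
UNSET = "[trac]\n"
FS_PATH = "[trac]\nauth_cookie_path = /var/lib/trac\n"
URL_PATH = "[trac]\nauth_cookie_path = /trac\n"
JAR = [("/trac", "new-token"), ("/trac/alpha", "stale-token")]

if __name__ == "__main__":
    for name, ini in [("unset", UNSET), ("fs path", FS_PATH), ("url path", URL_PATH)]:
        print(name, sso_report(ini, ENVS))
    print(cookies_sent(JAR, "/trac/alpha"), cookies_sent(JAR, "/trac/beta"))
```

With a filesystem path the cookie is not returned even to the environment that issued it, and with a leftover per-project cookie in the jar the request to that project carries two trac_auth values, the stale one first.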
Source: https://stackoverflow.com/questions/9495827/trac-single-signon-not-working-as-mentioned-in-the-cookbook