Having Fun with Trac: Tracd + Digest Authentication

Tracd is a lightweight standalone Trac web server, which was added to Trac framework since version 0.7. Running Trac on Tracd is very simple, while needs a bit more work with authentication. Tracd supports both Basic and Digest authentication. The default is to use Digest authentication. In certain situations, I found out that Digest authentication is an easy and quick way to provide access controls to Trac web application. Here are the steps to create Digest authentication for tracd web server:

1. Creating a Password File

We used the htdigest tool which Apache provides to create a digest password file. The following command creates a digest password file users.mytest with realm name mytest and also adds user tom to the file:

htdigest -c tractest/users.mytest mytest tom

If file users.mytest exits, then we should remove option –c in the command above. We will be promoted for a password to enter for each user that we create.

2. Creating Trac Permissions

We also need to add Trac permissions for each user created in step 1. Permission privileges are managed using the trac-admin tool. For example, the following command will grant all privileges to user tom to project tractest:

trac-admin tractest/ permission add tom TRAC_ADMIN

3. Using Digest Authentication

The following command will force Tracd to trace users' activities with project tractest using Digest authentication:

tracd -p 1234 -a tractest, tractest/users.mytest, mytest tractest

When launching Trac from http://localhost:1234/tractest/login, a log-in form pops up and asks for user's name and password. Tracd also allows sharing a password file among multiple projects on one instance of Trac.

Reference:

Tracd : http://trac.edgewall.org/wiki/TracStandalone
Trac Permission: http://trac.edgewall.org/wiki/TracPermissions