[H-SASIG] What is going on with Traq and Authentication? Stephen, please respond...

[Raymond Smith]

2009/12/23 Stephen Thomas <stephen at sanctuary.quollified.com>:
> Firstly I've taken most of my holidays outside of mobile range and without
> internet access, so I must apologise for going silent...  I'm back now and
> feel free to tell me off :)

Nah -- it is all good -- I have been within mobile range and with
internet access but far to busy to get back to this issue before now
:-) I really just wanted to make sure I was not doubling up on work.

> Authentication is still via that .htpasswd file in the root of the trac
> instance.  I can't think of a simple way of doing it better, or if moving to
> ldap is a good idea or not...
>
> I don't know trac too well, and I've never had the ticketing system set up
> for anonymous requests (Though I'm sure there's a way to, I'll look in to
> that..)  -- Although if we want everyone to be able to submit tickets, if
> there's a way to source auth information from the wiki and just do ACL on
> trac's side, that would be a way for us to say 'only members can make
> requests' - is that what we'd want instead perhaps?

Maybe. Simply requiring an authenticated "wiki session" before you
could access Traq at all would do the trick. I am not sure how to
achieve that result using Apache/MoinMoin/Traq.

I have recently used Traq to report a bug, as a simple user, and their
setup involved a simple registration process ("provide email, confirm
email, log-in and have a ball") for access to create tickets. That
suggests to me that there is some sort of module available which makes
this sort of registration easy. That might be another possibility.

I'll undertake to do some research on this and report back within the
next two weeks or so.

Cheers,

Raymond