[SETUP] - Using Unix Users and Groups for Trac Authentication
- From: Jason Lunz <lunz (at) falooley.org>
- Date: Mon, 20 Feb 2006 17:24:42 +0000 (UTC)
ilias (at) lazaridis.com said:
> ok, I see.
>
> Possibly there is a way to generate those .htdigest / .htpasswd files
> automated?
>
> This would be ok for the beginning, and would reduce effort.
I used something like this to let users set/modify their own passwords
in .htdigest, but no others. Comments/security audits appreciated:
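#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    const char htdigest[] = "/usr/bin/htdigest";
    /* Look up the calling user; in a setgid-only binary the effective
     * uid is still that of the invoking user. */
    struct passwd *pwd = getpwuid(geteuid());

    if(!pwd) {
        perror("getpwuid");
        return EXIT_FAILURE;
    }

    /* Fixed file, realm and user name: nothing is taken from argv. */
    execl(htdigest, "htdigest",
          "/etc/apache2/htdigest-trac", "trac", pwd->pw_name, (char *)NULL);

    /* Only reached if execl() failed. */
    perror(htdigest);
    return EXIT_FAILURE;
}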
The idea is to make a group, call it tracpwd, make this program setgid
tracpwd (2755 root:tracpwd), make the htdigest file writable by this
group, and only allow htdigest to be called with set parameters. You
could probably do the same with sudo or something.
I suppose locking is called for, but this gets the job done.
Jason