# svn/trac auth on apache2

## sebv

Hello,

I install a little server for developpement, with a trac/svn access, but i've a "problem" to choose how to configure my auth.

I use trac with python, so my serveur is currently install as that (for testing basic install) (it's a multiproject install) and it work fine

```

<IfDefine SVN>

        <IfModule !mod_dav_svn.c>

                LoadModule dav_svn_module       modules/mod_dav_svn.so

        </IfModule>

        <Location /svn>

                DAV svn

                SVNParentPath /home/server/svn

                AuthType Basic

                AuthName "Subversion repository"

                AuthUserFile /home/server/conf/svnusers

                Require valid-user

        </Location>

        <IfDefine SVN_AUTHZ>

                <IfModule !mod_authz_svn.c>

                        LoadModule authz_svn_module     modules/mod_authz_svn.so

                </IfModule>

        </IfDefine>

        ############

        ##  TRAC  ##

        ############

        LoadModule python_module modules/mod_python.so

        <Location /trac>

                SetHandler mod_python

                PythonHandler trac.web.modpython_frontend

                PythonOption TracEnvParentDir /home/server/trac

                PythonOption TracUriRoot /trac

        </Location>

</IfDefine>

```

But, I wan't to use a Mysql auth with mod_authn_dbd module, but how can I configure it to configure users on each project and not for all in the same time, all exemple I found set auth for all projects at the same time (whitout re-write my apache config ta add each project)

```

 AuthDBDUserPWQuery "SELECT password FROM authn WHERE username = %s"

```

Maybe I can use a variable as "%s" use for mysql auth request to know what is the current ask project to get the good user in database, but i can't find info on that

Someone have an idea ?

Thanks in advance.

----------

## rev138

I have what I beleive to be a similar issue with apache/trac

Here's what the relevant part of my httpd.conf looks like

```
<Location "/trac">

  SetEnv TRAC_ENV_PARENT_DIR "/var/trac"

  SSLRequireSSL

</Location>

<Location "/trac/fnertfw/login">

  AuthType Basic

  AuthName "FNE rtfw"

  AuthUserFile /etc/devusers

  Require valid-user

  SSLRequire %{SSL_CIPHER_USERKEYSIZE} >= 128

  SSLRequireSSL

</Location>

<Location "/trac/fneweb/login">

  AuthType Basic

  AuthName "FNE web"

  AuthUserFile /etc/devusers-web

  Require valid-user

  SSLRequire %{SSL_CIPHER_USERKEYSIZE} >= 128

  SSLRequireSSL

</Location>

```

As you can see, what I'm trying to do is have separate authentication for each project (fnrtfw and fneweb), against separate htpasswd generated files (devusers and devusers-web, respectively).

Unfortunately, this does not work. With the above config, a user is allowed full access to everything without authentication. If I add Authype, AuthName, etc, to the "/trac" location definition, it DOES prompt for authentication, but those authentication settings override the others, allowing full access to everything.

It seems that the auth info in "fnertfw" and "fneweb" is being ignored completely.

Any help would be appreciated.

----------

## sebv

I'ts not an apache config error, it's the default value of trac config

If you check your access config on trac with trac-admin you'll see that anonymous user have access to all things, just remove modif and create right for this user and it'will run as you want.

search on trac's site there is a plugins to allow the project admin to simply choose this options directly on trac web pages.

----------

## rev138

You seem to misunderstand. I'd like to mantain two separate users lists for authentication, not one list with per-user permissions in trac. It would seem that apache needs to do this. No?

----------

## euphorium

I did a search for trac and authentication (auth too) and only found a total of 3 posts about authentication. Which leads me to believe that it can't be that difficult to do. so I am wondering where I am going wrong with setting up wuthentication with Trac on my server.

Here is what I have in my http.conf file.

```
ScriptAlias /www/trac/confuzedb /usr/share/trac/cgi-bin/trac.fcgi

<Location /www/trac>

SetEnv TRAC_ENV_PARENT_DIR "/www/trac"

SetHandler fcgid-script

</Location>

<LocationMatch "/www/trac/[^/]+/login">

  AuthType Basic

  AuthName "Project Login"

  AuthUserFile /www/trac/trac.htpasswd

  Require valid-user

</LocationMatch>
```

Here is my tracd.conf file.

```
# Port for tracd

TRACD_PORT="8000"

# Options for tracd

TRACD_OPTS="--env-parent-dir /www/trac"

#TRACD_OPTS="--basic-auth=BASICAUTH /www/trac/confuzedb, /www/trac/confuzedb/.htpasswd, confuzedb"

# User and group as which to run tracd

#TRACD_USER="apache"

#TRACD_GROUP="apache"
```

Am I missing something?

I solved my issue and wrote a guide. Please refer to this thread.

----------

