[Trac] can trac use the subversion user authentication

[Felix Collins]

Kenneth Gonsalves wrote:
> hi
> i am setting up trac and subversion over mod_python. I have set up 
> subversion. My question is: can i point trac to my subversion 
> authorisations for the whole of trac, or is that only possible for the 
> browse source code part of trac?

Officially this is only supported for browsing source code.  However...

I'm using mod_authz_svn.so to control access to Trac based on the same 
svn access file that controls access to the repositories.

The following is my Trac location (using Mod python and mod sspi for 
authentication) from the apache config file.

<Location /trac>

   SetHandler mod_python
   PythonHandler trac.web.modpython_frontend
   PythonOption TracUriRoot /trac
   PythonOption TracEnvParentDir "D:/tracenv"

   #NT Domain auth config
   AuthType SSPI
   SSPIAuth On
   SSPIDomain INTERNAL
   SSPIAuthoritative On
   SSPIOfferBasic On

   #Restrict access to Trac projects based on SVN access rights
   SVNParentPath D:/tracenv
   AuthzSVNAccessFile "C:/config/svnaccessfile.txt"

   Require valid-user

</Location>


In the svn access file you can do something like the following to 
restrict access to certain trac environments or parts of environments.

[hostusb:/]
@support = r

[hostusb:/ticket]
@support = rw

[hostusb:/newticket]
@support = rw

This is very convenient for me because I have named the trac projects 
the same names as the repos.  So from the above example sthe support 
group has only read access to hostusb trac project and only read access 
to hostusb svn repo.  They do however have full access to the trac 
tickets. I have to be careful here not to name a repository folder of 
hostusb ticket or newticket, as that would make a security hole.

I hope that helps,
Felix