Setting up authentication in Trac

Question

I am in the works of setting up a Trac server for my (small) company and need a bit of help/guidance with the authentication mechanism.

We have for some time developed our own web application which our users access in their day to day work. It is build in php5.3 and includes a users database stored in a mysql database. I have been asked to look into the possibilities for Trac to use our existing user database in order to keep user maintenance to a minimum. Do you have any suggestions or tips for doing that?

Here is what I have come up with so far:

1. Install Trac on our server (currently done with mysql/apache2/mod_python), but don't grant access to anyone on the net.
2. Write a php wrapper script that
   1. Handles the authentication mechanism.
   2. Passes the request to Trac with the username included.
3. Trac handles the request as the specified user

The problem is; I don't know how to do step 2.

Any comments?

Best regards Jørn

Answer 1

What you are looking for is called Single Sign On.

Are you running Trac on Apache? In that case, it seems to be possible to make use of what user authentication interfaces (LDAP...) Apache can interface with. Check out this conversation.

There are also some SSO plugins available at Trac Hacks, among them an LDAP one.