Setting up authentication in Trac


BillK
04-13-2007, 02:00 AM
So I've set up trac on my hosting using the CGI version since there are some issues with the FCGI flavor. However, I'm trying to set up users and authentication now and I am running into problems.

I am trying to follow the instructions in the wiki here:

http://guide.apisnetworks.com/index.php/Trac

The first step says to Create the password file outside of the document tree using the command htpasswd -c DesiredPasswdFilename DesiredUserName

I'm not exactly sure where the password file should go, so I just put it in /home/<username>/etc for now.

The next step says to edit the .htaccess file to add the following configuration:

AuthType Basic
AuthName "Log in to access the trac system"
AuthUserFile /home/virtual/<YOUR DOMAIN NAME>/home/trac/trac.passwd
Require valid-user

It would be good to have examples to go along with these steps in the wiki, like the rest of the documentation. Does this mean that the "DesiredPasswdFilename" must be trac.passwd and live in /home/<username>/trac/trac.passwd?

When I put my domain name into that configuration and try to log in, all I get is an internal server error.

Has anyone successfully configured trac with authentication and to allow new users to create accounts? Any help would be greatly appreciated.

Matt
04-13-2007, 02:09 AM
Yes, that looks correct. Check /var/log/httpd/error_log for a more descriptive error about what might cause the internal server error. Also note that SSH is chroot'd whereas an Apache directive is not (resource center link (http://apisnetworks.com/resources.php?cid=17&id=3)). CGI scripts, e.g. Trac or a Rails application, would also run chroot'd in a similar fashion to how SSH operates.

My money is either on the home directory doesn't have world execute permissions (chmod o+x /home/<username>/) or you provided the wrong path in the .htaccess directive -- it should be /home/virtual/<domain>/<path in shell>. Also make sure that you generated the user/password. htpasswd lives in /usr/sbin/ and I don't believe that's in your path.

Assuming that it isn't in your path, the following command would work:
/usr/sbin/htpasswd -bc /home/trac/trac.passwd test somepasswdfortest

This would not:
htpasswd -bc /home/trac/trac.passwd test somepasswdfortest


But this would...
PATH=$PATH:/usr/sbin/
htpasswd -bc /home/trac/trac.passwd test somepasswdfortest

BillK
04-13-2007, 03:17 AM
AHA...

Thanks for the reply Matt. Yeah, I had generated the password file like this:

/usr/sbin/htpasswd -bc /home/trac/trac.passwd test somepasswdfortest

I just had the wrong path in the .htaccess directive, thanks for pointing me to the chroot resource guide.

ocdude
07-22-2007, 05:30 PM
Similar issues here.

My error log indicates:
[Sun Jul 22 16:27:23 2007] [error] [client 75.61.117.2] (13)Permission denied: Could not open password file: /home/virtual/bluewavedigital.net/home/ocdude/trac/trac.passwd


As far as I know, I have the path correct? This is the contents of my .htaccess:
DirectoryIndex trac.fcgi
AuthType Basic
AuthName "Trac Authentication for AzulCMS"
AuthUserFile /home/virtual/bluewavedigital.net/home/ocdude/trac/trac.passwd
Require valid-user

Second question would be, how do I limit this to only the /login "directory"? I want Trac to be open for viewing, but only authorized users can make changes to specific settings.

Matt
07-22-2007, 06:00 PM
/home/ocdude/ likely has the permission set 0700 preventing the user apache from accessing it. Chmod the directory to 701. Second issue isn't solvable via a .htaccess directive, because you need a <Location /trac.fcgi/login> ... </Location> directive to limit access to that specific URL pattern. That's available only in the virtualhost container, which in turn blocks off access to that URL pattern on all subdomain/domain combinations...

Have you taken a look into Trac's rudimentary permission system (http://trac.edgewall.org/wiki/TracPermissions)? In your repository anonymous has access to everything:

User        Action
--------------------------
anonymous   BROWSER_VIEW
anonymous   CHANGESET_VIEW
anonymous   FILE_VIEW
anonymous   LOG_VIEW
anonymous   MILESTONE_VIEW
anonymous   REPORT_SQL_VIEW
anonymous   REPORT_VIEW
anonymous   ROADMAP_VIEW
anonymous   SEARCH_VIEW
anonymous   TICKET_CREATE
anonymous   TICKET_MODIFY
anonymous   TICKET_VIEW
anonymous   TIMELINE_VIEW
anonymous   WIKI_CREATE
anonymous   WIKI_MODIFY
anonymous   WIKI_VIEW

ocdude
07-22-2007, 06:14 PM
Thanks for the tip on the rudimentary auth system. This will serve my needs for the second issue. However, I am still having problems with basic authentication for Trac as a whole.

As far as the first issue, I did chmod 701 /home/ocdude, but this seems to have had no effect on the issue. I tried to log in again, and I still get an error 500. The log still states:
[Sun Jul 22 17:04:29 2007] [error] [client 75.61.117.2] (13)Permission denied: Could not open password file: /home/virtual/bluewavedigital.net/home/ocdude/trac/trac.passwd

Any ideas?

Matt
07-22-2007, 06:18 PM
Execute = permission to open a directory and execute a file (still needs read privileges though)
Read = permission to list contents of a directory and get contents of a file
Write = permission to append contents to a file and unlink it from the filesystem

You're missing read access on trac.passwd for user apache.
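
The two fixes discussed in this thread (o+x on the home directory, then o+r on trac.passwd) can be checked in one pass. The script below is an added example, not part of any post above; first_blocker and demo are hypothetical names, and it assumes the web server user is neither owner nor group member of anything on the path.

```shell
# Assumption: the web server user is neither owner nor group member of any
# path component, so only the "other" permission bits are checked.
# first_blocker FILE [BASE]: walk from BASE (default /) down to FILE and print
# the first component that blocks access (dirs need o+x, the file needs o+r).
first_blocker() {
    file=$1; base=${2:-}; current=$base
    set -f; old_ifs=$IFS; IFS=/
    set -- ${file#"$base"}      # split the remaining path on "/"
    IFS=$old_ifs; set +f
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        # Characters 8-10 of the ls mode string are the "other" bits.
        perms=$(ls -ld "$current" 2>/dev/null | cut -c8-10)
        if [ -z "$perms" ]; then
            echo "missing: ${current#"$base"}"; return 1
        elif [ -d "$current" ]; then
            case $perms in
                ??x|??t) ;;     # t = sticky bit plus execute
                *) echo "no o+x: ${current#"$base"}"; return 1 ;;
            esac
        else
            case $perms in
                r??) ;;
                *) echo "no o+r: ${current#"$base"}"; return 1 ;;
            esac
        fi
    done
    echo "ok"
}

# Constructed tree replaying the thread: home 0700, then 701, then file o+r.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/ocdude/trac"
    f=$root/home/ocdude/trac/trac.passwd
    : > "$f"
    chmod 755 "$root/home" "$root/home/ocdude/trac"
    chmod 700 "$root/home/ocdude"; chmod 600 "$f"
    first_blocker "$f" "$root" || true
    chmod 701 "$root/home/ocdude"
    first_blocker "$f" "$root" || true
    chmod o+r "$f"
    first_blocker "$f" "$root"
    rm -rf "$root"
}
demo
```

From the chroot'd shell the check would be run on the shell-side path, e.g. first_blocker /home/ocdude/trac/trac.passwd, since the /home/virtual/<domain> prefix only exists from Apache's side.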