Decide, whether to use HTTP authentication (Trac default) or a HTML login form provided by AccountManagerPlugin.
After initial login Trac sessions are authenticated per request based on browser cookies. Therefore a number of options provide control over some critical browser cookie properties.
Adapt to careless username typing, where casing does not matter, like on Windows. Potentially troublesome, because case matters for Trac permission assignment lookup anyway.
Potentially troublesome for users with dynamic IP address, but disregarded for persistent sessions.
Required, if the Trac instance is only accessible through HTTPS.
Determines how long the browser will cache authentication information, and therefore, after how much inactivity a user will have to log in again. Default (0 s) makes cookie expire at browsing sessions end.
You can still manage some password stores with AccountManagerPlugin, if you configure them in the next step.
AccountManagerPlugin provides a custom version of the LoginModule accompanied by a form-based HTML login page.
If you enable this feature, you'll want to review and adjust some more options related to session authentication. Note, that AccountManagerPlugin's LoginModule changes the default lifetime of authentication cookies to 30 days.
If enabled, links to
that normally reside in Trac's meta-navigation bar, will appear inside the login form. CSS styling allows further customization of the login prompt.
This is, user checks a "Remember Me" checkbox in the AccountManagerPlugin login form and, next time he visits the site within 30 days, he'll be remembered and authenticated automatically.
Driving a refresh process to decrease vulnerability of long-lasting sessions. Zero means never.
This enables AccountManagerPlugin's authentication data distribution to Trac instances with matching cookie path. Set this to a common base path of several Trac instances to share the cookie, providing a cheap Single-Sign-On experience.
