Trac, Apache and X.509 authentication using FakeAuth

[Alex Voss]

Dear all,

I am trying to set up Trac for an organisation that uses X.509
certificates for authentication. Using Trac 0.12 running behind Apache
2.2 using mod_wsgi I managed to almost get this to work. The problem is
that whenever I do a POST request, the trac child dies with a
segmentation fault. To rule out a problem with WSGI I changed to FastCGI
but then *any* request dies.

I found that if I take those lines out of the .htpasswd file that relate
to X.509 certificates then I can log in using simple username and
password authentication. This seems to indicate that the problem lies
with the handling of long usernames. To use X.509 and get the
credentials mapped to permissions in Trac I have followed the mod_ssl
documentation and entered the certificate DNs as usernames in the
htpasswd file used, so this would look like this:

/C=UK/O=eScience/OU=Manchester/L=MC/CN=alexander voss:xxj31ZMTZzkVA

I have documented the way I installed all this on:
https://e-research.cs.st-andrews.ac.uk/site/bin/view/AlexVoss/Trac+Notes

Does anyone know if this problem has been addressed anywhere?

Cheers,

Alex

--
Alexander Voss
SICSA Advanced Research Fellow
School of Computer Science
University of St Andrews
http://www.cs.st-andrews.ac.uk/~avoss
The University of St Andrews is a charity registered in Scotland : No
SC013532