Authenticating svn and trac with wordpress

May 07, 2009 at 02:05 PM | categories: Servers | View Comments

Problem caused by wordpress upgrade

My club uses Wordpress and I have our forums and subversion authenticate via the wordpress install's user table. This became very useful, and something that I tried to make sure I could apply on any new app I would install for the site.

When trying to get the same thing setup for an install of Trac I had just made I ran into a bit of trouble. With the old versions of wordpress this was pretty simple to do. Just a few lines in an apache conf file and we were golden.

With the most recent revisions though their implementation of password storage changed, causing the old setup to break for svn, and causing me a nice headache when trying to duplicate my old fix for svn onto trac. They went from a simple md5 hash to using a much more secure phpass. (why it isn't phppass I don't know)

The main problem with this is that this isn't an authentication encryption that apache's mysql handler could use. I tried to find a work around to get back to md5, but I couldn't find any. It was probably for the best anyhow, as I'd rather the site be more secure, than have more tools. No point in propagating something that could be exploited. Searching around some more I found the awesome work of Nikolay. given out on Barry's blog, and explaining the install process. Nikolay made an apache module to compile that added in the ability to use phpass. This compiled great and worked with the fedora install the server is on, so the old fix for subversion was working again, with a single line changed.


RedirectMatch ^(/repos)$ $1/
<Location /repos/>
     Options all
     DAV svn
     SVNParentPath /repos/gcc/
     SVNListParentPath on

     AuthName "MySQL authentication for SVN"
     AuthType Basic
     Require valid-user

     AuthMYSQLEnable on
     AuthBasicAuthoritative off
     AuthMySQLAuthoritative on

     AuthMySQLHost localhost
     AuthMySQLUser user
     AuthMySQLPassword password
     AuthMySQLDB wordpress_db
     AuthMySQLUserTable wp_users
     AuthMySQLNameField user_login
     AuthMySQLPasswordField user_pass
     AuthMySQLPwEncryption phpass
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION

That is the config that makes sure that only people that have accounts on the wordpress blog can have access to the repos. I plan on soon adding in a SVN auth file to make the commit users more constrained, but at the moment, it isn't a priority.

The last line makes nice entries of SVN access in its own log file, which is very handy for debugging problems.


For trac I took the simple apache auth they provided on their website, and applied the same idea from svn to it:

<Location "/projects/project-name/login">
     AuthType Basic
     Require valid-user

     AuthName "Trac Auth"
     AuthMYSQLEnable on
     AuthMySQLAuthoritative on
     AuthMySQLHost localhost
     AuthMySQLUser wordpress
     AuthMySQLPassword password
     AuthMySQLDB wordpress_db
     AuthMySQLUserTable wp_users
     AuthMySQLNameField user_login
     AuthMySQLPasswordField user_pass
     AuthMySQLPwEncryption phpass

I plan to use this type of database integration more, specifically with a wiki installation. Although I don't know of any wiki that could use this type of authentication as I am only familiar with mediawiki, and really only as a user.

Fedora 10 on the eeePC 900

May 04, 2009 at 07:22 PM | categories: Linux | View Comments

Recently got the deal on the eeepc 900, sans webcam. I tried to use the xanadros os that was bundled with it for a few days, but the lack of normal gnu tools and normal packages made me want to switch. So I decided to to look into putting my os of choice fedora onto it.


Found that is was a dooable project, exciting and surprising. Since the netbook doesn't have a dvd-rom drive, and I lent out my external, I decided to go the usb live stick route.

Directions for this were easy to find, I did have to use the command line version of them, and found through trial and error that only my name brand Kingston drive would get the netbook to boot.

To get the usb drive to boot, hit escape while booting or hit f2 and set the main drive to be the usb drive. After it boots and finishes and installs, everything pretty much works.

When I brought up the machine I started to follow Gavin's_directions and run a general update. This failed, only because it filled the small hard drive up. I then had to find the /var/cache/yum/updates/packages/ directory and clear it by hand, because yum didn't have the room to run and remove the rpms itself.

Removing things to make space:

So now I had to sleuth around to find out what was taking up all the space on the drive. Using

du -Hs -si /*

found that the largest folder in the root dir was usr. And walking down that path structure I found that the three largest folders, that I could do something about, were:

  • /usr/share/locale @332MB
  • /usr/share/doc @106MB
  • /usr/share/fonts @223MB

So I really went through and removed a whole lot of this stuff, which depending on ones needs, may not be advisable.

I removed all fonts that could using yum instead of just deleting them, as that just really seemed like a bad idea. It took a bit of grep'ing, so this line is a little long, but it basically strips out all the extra fonts, and keeps liberation as well as core font tools and libs. I personally use Anonymous, for all my coding, and terminal work, and I put that in .fonts dir, so really even this is a bit liberal for me.

rpm -qa | grep font \
| grep -ve'xorg' -ve'core' -ve'liberation' -ve'fontconfig' -ve'lib' -ve'bitmapfonts' -ve'ghostscript' \
| xargs yum -y erase

Note also that this removes these apps:

  • gimp
  • abiword
  • evince
  • ghostscript (even though I tried not to)

This frees up most of the 200MB that the fonts dir takes up, so we're off to a good start.

The locale directory I was unfamiliar with, but some searching found that this is where data for other language support is stored. I only speak one, and found that removing these doesn't cause irreparable harm. So delete them I did. Since these are installed with every program, and the language packs don't have their own RPMs yum wasn't useful in this case.

ls /usr/share/locale/* -d \
| grep -ve'locale.alias' -ve'default' -ve'en' \
| xargs rm -rf

This frees up about another 300MB. But it is also something that will crop up again, since any new program you install will add it own locale information. For apt-get there is a nice plug-in that will automatically strip out this information for you on install, but in my shallow searching for this for yum there didn't seem to be a substitute. Might be a good weekend project.

The share doc directory I just cd'ed into and wiped out its contents. This is a netbook, and I can ssh into my home machine to read those if I need to, so I freed up another 100 or so MB with this wipe.

This brings us a lot closer to a good 1 GB of free space. I went further and removed a few apps I won't be using:

  • evolution
  • rhythmbox
  • cheese

Now to try and get the services under control.

Found this great listing of what each service does, so if you're unsure if you want to stop as many as I chose to, look it up and make sure. I also chose to use the command line service conf tool:

/sbin/chkconfig  --list

So its a bit time consuming but I went through the chkconfig list and grepped out the 5:on states and checked them against my list below and set them to off one at a time for every run time level. There might be a quicker way, but I couldn't think of one that didn't involve making a script, so I let it be, and stuck with manual.

  • cron, atd, anacron
  • auditd (also disabled SELinux)
  • avahi-daemon
  • bluetooth
  • btseed, bttrack
  • capi
  • cups[*]
  • firstboot
  • ip6tables
  • irda
  • irqbalance
  • isdn
  • kerneloops
  • lm_sensors
  • mdmonitor
  • multipathd
  • netconsole
  • netfs
  • nfs
  • nfslock
  • nmbd
  • nscd
  • pcscd
  • portreserve
  • restorecond
  • rpcbind
  • rpcgssd*
  • sendmail
  • smb
  • ypbind

Now not all of those services were up, but I just made the list of what I would remove, and didn't take note of what was not running in that list.

Then I installed my must haves: xfce, vim, htop, all the dvcs', tilda, and tomboy. I rsync'ed over my dot dirs that I wanted, and I was good.