Proper Trac Setup of Permissions

I have installed Trac on my webserver. First of all it seems in secure because it immediately exposed my repository to the world. How does Trac access my repository without providing i开发者_如何学Ct with some credentials to access the authz protected repository? Second, can I use the same users or groups in svn's authz to use as the users and groups in Trac?

1. Trac accesses your repository directly - that's why it ignores authz that works for your webserver. See http://trac.edgewall.org/wiki/AuthzPolicy and http://trac.edgewall.org/wiki/TracFineGrainedPermissions if you need Trac to use authz for fine-grained browser access.

2. From that I know - you can't use users from authz as Trac users, because authz doesn't store authentication passwords to recognize these users. See http://trac-hacks.org/wiki/AccountManagerPlugin for supported storages.