[pmwiki-users] Problem with AuthUser

Tegan Dowling tmdowling at gmail.com
Tue Dec 6 14:08:55 CST 2005


UserAuth:
* breaks ?action=attr
* Sometimes just won't allow a user the access that he/she has been
explicitly given
* You get to guess when those times occur
* A user who has not been assigned admin status cannot get to the default
page of a wikigroup by clicking on a link (such as in the breadcrumbs) to
{$Group} or http://site.com/Group

On 12/6/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
>
> On Tue, Dec 06, 2005 at 07:45:34PM +0100, Hsing-Foo Wang wrote:
> > is there somebody who can explain in simple words what kind of
> > authentication ways there are(incl cookbook), and specifically for what
> > usage. I know the wiki says it all, but I would like to get a grasp of
> > it at a 'meta level'
>
> As far as I know, there are three basic authorization mechanisms
> available for PmWiki:
>    1. passwords on pages,
>    2. AuthUser (scripts/authuser.php), and
>    3. UserAuth (http://www.pmwiki.org/wiki/Cookbook/UserAuth).
>
> Both #2 and #3 are built on top of PmWiki's page password mechanism,
> so that it's possible to have both identity-based authorizations and
> password-based authorizations on pages.
>
> Personally, I always use method #1 for my sites.  While it's true that
> many people somehow feel more "comfortable" with systems where each
> author has a separate username and password, I know from long experience
> as a system administrator that the number one maintenance item is
> helping people recover lost passwords or usernames.  Since my sites
> generally have a small number of authors for any given section, using
> a single shared password for groups of pages is *much* more convenient
> for me and my authors than trying to manage multiple separate accounts.
> This method has even worked well on sites consisting of hundreds of
> authors (especially since authors are able to set their own passwords
> and share them with trusted colleagues).
>
> For sites that need identity-based authorization, PmWiki provides the
> AuthUser script (#2), which has just undergone some major improvements
> for PmWiki 2.1 (thus the Cookbook.AuthUser page is a little out of date).
> AuthUser overloads the basic protection scheme to also allow access
> based on an authenticated identity ("id:alice") or membership in a
> defined group of identities ("@editors").  The best place to see
> what AuthUser currently offers is the Site.AuthUser page at
> http://www.pmwiki.org/wiki/Site/AuthUser .
>
> At present, usernames and passwords for AuthUser come from an
> "external" source of some sort, which can be any of the Site.AuthUser
> page, local Apache .htpasswd files, LDAP servers, MySQL databases,
> or the local/config.php file.  AuthUser is also extensible to allow
> other authentication sources.
>
> I'm not very familiar with UserAuth (#3), but I'll provide my
> understanding of how it works (and others can correct me as
> appropriate).  UserAuth takes a different approach in that
> authenticated users can be given permissions that override any
> passwords that may be placed on pages.  Thus, an administrator
> can say, for example, that "alice" is able to edit certain groups
> or pages regardless of any passwords set for them.  Unlike AuthUser,
> UserAuth can only get its usernames and passwords from an Apache
> .htpasswd file.  However, UserAuth also provides form-based
> interfaces to allow authors to change passwords, as well as a form-based
> system for admins to add new accounts or change account permissions.
>
> Form-based interfaces for registering new accounts and allowing
> authors to change passwords are planned for AuthUser (#2), but
> aren't completed yet.
>
> I hope this helps!  I'd like to take the above information and put
> it into the PmWiki docs somewhere, so any comments, questions,
> or suggestions on the above descriptions would be greatly appreciated.
>
> Pm
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20051206/fd3c2288/attachment.html 


More information about the pmwiki-users mailing list