[pmwiki-users] PITS vs. JITS

Sivakatirswami katir at hindu.org
Thu Jul 12 15:53:54 CDT 2007 

Sandy wrote:
> Sivakatirswami wrote:
>> Kathryn Andersen wrote: 
> <snip>
>>> I use AuthUser with HtpasswdForm and settings to require author names
>>> and to force the author names to be the same as the logins.
>>>
>>> Advantages:
>>> - self-registration makes it easier for both the users and the admin
> 
> Note: AuthUser alone does not have self-registration. As Kathryn said, 
> her setup includes HtpasswdForm.
> 
>> "Self-registratio n" implies anyone can create a new user
>> but if you don't want your site to be public...
>>
>> How do you limit who can actually create a new user?
>>
>>   I think of self-registration like a Yahoo group
>> where anyone can do it. But on our wiki I need to be
>> able to decide who can get in....but we don't
>> want to force a double authentication requirement
>> for those who are already registered.
>>
>> Sivakatirswami
> 
> How about a "Welcome stranger" page?


hmm, sounds like an interesting strategy...
> 
> Does the registration system have a "hold for approval" setting. 

I don't know...

> I run 
> some non-wiki lists where the user does most of the registration 
> themselves, then I get an email saying my approval is needed. Approval 
> then consists of me logging in and clicking "approve NewGuy".

in my case I might just tell people to email me... then this also
adds some hacker controls, who might register themselves,
but then they have to email me to actually get approved.
Since they are unlikely to do this, hopefully the HTpassword
form will not get filled up by bogus users... I still wonder though
Such a form could be easily hacked...

> Sandy

if groups attributes
only used @*usergroup* for the read and edit permissions, then
such newly added users (who registered themselves) would not
have access to any pages until you added them to a usergroup.

So the HTpasswdForm that added someone to a group
would need to be an admin only  accessible page.

I'm curious how Kathryn does it. I suspect, if it is an internal wiki,
that the
URL is not available on the open internet to the public... only on the
LAN...
anyone  "internally" can create a user-password for themselves and then
she probably has to assign them subsequently to a group before
they actually can get into any page...

But, I'm guessing here. Kathryn? Are you there? I know you
don't want to put yourself forward as an expert, but
your experience if useful...

More information about the pmwiki-users mailing list