[pmwiki-users] Site.AuthList Questions

[Tegan Dowling]

On 6/24/07, Sivakatirswami <katir at hindu.org> wrote:
>
> Patrick R. Michaud wrote:
> > On Wed, Jun 20, 2007 at 09:52:13AM -1000, Sivakatirswami wrote:
> >> read and edit
> >> passwords are not displayed... we only see four **** in each field
> >> where we were expecting to view the actual passwords displayed.
> >
> > PmWiki doesn't have the cleartext passwords anywhere -- it
> > only stores encrypted versions.


I see, hmmm, makes sense, you don't want to open a hole
> to hack out passwords as clear text. OK understood, that
> could be a serious problem. So, you just keep that door shut.
>
> So then, obviously, admin is left with the manual task
> of tracking the passwords for each group and which users
>   have been given those passwords.
>
> I would be interested in how other admins do this or if there
> are any "best practices" recommendations...
>
> A simple text file on one's own box?
> A protected page on the wiki?


Good question -- I'd be interested in hearing what others do, too.  I have
an Admin wikigroup, which requires an admin password to read.  One of its
pages  contains the following:

(:table class=tabtable padding=5px:)
(:cell width=40%:)
Here's a list of groups on the site
(:pagelist fmt=group list=all group=-PmWiki,-Admin,-Site:)
(:cell width=60%:)
Maintain a manual list here of groups, pages and passwords
* '''Site-wide''' admin=admin-levelpassword;
read/edit/upload=user-levelpassword
* Group [[ExampleGroup1(.HomePage)]] read=firstpasswordexample;
read/edit/upload=secondpasswordexample
* Page [[ExampleGroup2/ExamplePage]] read= pw1 pw2 pw3; read/edit/upload=pw4
pw5
(:tableend:)

 I highly doubt this could be considered a "best practice".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20070624/3c76b4ed/attachment.html