[pmwiki-users] Default group with authentication

Sivakatirswami katir at hindu.org
Thu Mar 1 13:25:52 CST 2007


Tegan Dowling wrote:
> 
> There is something really close to this that you can do without the
> AuthUser or any other user-authentication scheme - i.e., just using
> the native password authentication.
>  
> On a couple if my sites, I provide each user with a wikigroup of
> his/her own, which wikigroup is only visible to someone who knows (one
> of) its read-password(s).  I use a pagelist on a login page, which
> lists all the wikigroups on the site (minus a select, manually
> excluded few), but takes advantage of the default rule for pagelists
> which rules that pagelist results will only display links to
> pages/groups for which the user has read-rights.
> 
> Email me off-list if you'd like a demo.
> 

> Tegan

Tegan: this might be helpful for  me.. I am about to merge several
fields on a farm to a single field, to reduce the admin.

My set up is like this:  I want a little tighter security on initial
entry: anyone who has access to the wikis gets a .htaccess user-password
which I enter into the web server set up  for apache...

Presently, after they are in, they can see *all* the groups. I will need
to change that.
But I'm new to this auth business  and I want  to also keep it simple.

What I need is: for the user who logged in with his .htaccess user-password
to then only see those groups that belong to his "classification" level.

i.e.  my requirement is  just a tad broader:
Default *set* of  groups with authentication

Right now I would keep it simple: three classification levels

Level 1: Volunteers: Sally, Rajan, Dora
		--  only read and edit a set of groups where content is not confidential
Level 2: Staff: Sadhu, Andre, Ganga, Sarasvati, Dasan
		-- get to read and edit  an more  content sensitive  "level 2" of
groups + Level 1 groups
Level 3: Admin: Natha, Katir
		-- Gets  to read and edit "Site.*" and a few other highly sensitive groups
		-- or put another way. "Admin" gets to read and edit *all* groups in
wiki.d

I am a bit up in the air about whether I really need to use authUser...
which would then
require more complex management of users and user groups.

where as, at the risk of asking our  users to enter yet a second
password once they are in..
I was thinking that one could  us the default  pmwiki single password
system
  if I just had  one password for each of the three classifications
and set the group attributes for all groups in Level One to one password
Level two to another and Level three  to another.

So what this means would be: If someone with Level Two clearance logs in
to the  wiki.

PMwiki will ask for a second password: "Level2"  after which, if he
enters that, then
the page list that appears on the log in page displays a list of  all
groups in Level 1 and
Level 2.. this second level of password would be very "soft" passwords,
easy to remember...
Like once they enter their .htaccess user name and password, then I tell
them
"Next you will see another password request.. enter "seva"  which I hope
  wil ease the
"tedious" factor of forcing users to authenticate twice...

I've studied out the various recipes, but still remain a bit befuddled
on the best strategy
that results in the least admin overhead.

Any advice will be appreciated. Since I'm already using .htaccess
passwords. perhaps  if there is
a simple way to accomplish my goal without forcing users to enter a
second password.
That may be actually better in the long run... I guess the way to do
that would be to
set up three auth user groups: volunteers, staff, admin and then enter
the names
of users into each of these... Admin users get entered into all three,
staff get entered into
Volunteers and Staff and volunteers only appear in "volunteers" group...

If I do that... will PM wiki follow the  rule and only display groups in
that they have access
to in the main log in window (and various pull down lists in other pages?)

I am really looking  forward to the centralized permissions control
system that is on the
future roadmap for PMwiki dev.

Sivakatirswami
www.himalayanacademy.com




More information about the pmwiki-users mailing list