[pmwiki-users] Default group with authentication
Vince Admin Account
vadmin at math.uconn.edu
Thu Mar 1 14:20:50 CST 2007
We do something like this quite easily. We set up three
authentication groups, call them @WikiAdmin, @Econ, and @Library.
We use contact with our authentication server to identify which
groups a user is in, but given that they
have already authenticated to Apache, you could just create the
groups manually in your config.php (if there are not
too many users). Then we have wiki groups, Main which all can see,
Books which all can see, and only Librarians can edit, and an
Admin group that can only be seen by members of the WikiAdmin group.
Since you can set passwords for each wiki group to be
a combination of authentication group names, and personal names, it
works quite nicely.
Vince
On Mar 1, 2007, at 2:25 PM, Sivakatirswami wrote:
> Tegan Dowling wrote:
>>
>> There is something really close to this that you can do without the
>> AuthUser or any other user-authentication scheme - i.e., just using
>> the native password authentication.
>>
>> On a couple of my sites, I provide each user with a wikigroup of
>> his/her own, which wikigroup is only visible to someone who knows
>> (one
>> of) its read-password(s). I use a pagelist on a login page, which
>> lists all the wikigroups on the site (minus a select, manually
>> excluded few), but takes advantage of the default rule for pagelists
>> which rules that pagelist results will only display links to
>> pages/groups for which the user has read-rights.
>>
>> Email me off-list if you'd like a demo.
>>
>
>> Tegan
>
> Tegan: this might be helpful for me.. I am about to merge several
> fields on a farm to a single field, to reduce the admin.
>
> My set up is like this: I want a little tighter security on initial
> entry: anyone who has access to the wikis gets a .htaccess user-
> password
> which I enter into the web server set up for apache...
>
> Presently, after they are in, they can see *all* the groups. I will
> need
> to change that.
> But I'm new to this auth business and I want to also keep it simple.
>
> What I need is: for the user who logged in with his .htaccess user-
> password
> to then only see those groups that belong to his "classification"
> level.
>
> i.e. my requirement is just a tad broader:
> Default *set* of groups with authentication
>
> Right now I would keep it simple: three classification levels
>
> Level 1: Volunteers: Sally, Rajan, Dora
> -- only read and edit a set of groups where content is not
> confidential
> Level 2: Staff: Sadhu, Andre, Ganga, Sarasvati, Dasan
> -- get to read and edit a more content sensitive "level 2" of
> groups + Level 1 groups
> Level 3: Admin: Natha, Katir
> -- Gets to read and edit "Site.*" and a few other highly
> sensitive groups
> -- or put another way. "Admin" gets to read and edit *all* groups in
> wiki.d
>
> I am a bit up in the air about whether I really need to use
> authUser...
> which would then
> require more complex management of users and user groups.
>
> whereas, at the risk of asking our users to enter yet a second
> password once they are in..
> I was thinking that one could use the default pmwiki single password
> system
> if I just had one password for each of the three classifications
> and set the group attributes for all groups in Level One to one
> password
> Level two to another and Level three to another.
>
> So what this means would be: If someone with Level Two clearance
> logs in
> to the wiki.
>
> PMwiki will ask for a second password: "Level2" after which, if he
> enters that, then
> the page list that appears on the log in page displays a list of all
> groups in Level 1 and
> Level 2.. this second level of password would be very "soft"
> passwords,
> easy to remember...
> Like once they enter their .htaccess user name and password, then I
> tell
> them
> "Next you will see another password request.. enter "seva" which I
> hope
> will ease the
> "tedious" factor of forcing users to authenticate twice...
>
> I've studied out the various recipes, but still remain a bit befuddled
> on the best strategy
> that results in the least admin overhead.
>
> Any advice will be appreciated. Since I'm already using .htaccess
> passwords. perhaps if there is
> a simple way to accomplish my goal without forcing users to enter a
> second password.
> That may be actually better in the long run... I guess the way to do
> that would be to
> set up three auth user groups: volunteers, staff, admin and then enter
> the names
> of users into each of these... Admin users get entered into all three,
> staff get entered into
> Volunteers and Staff and volunteers only appear in "volunteers"
> group...
>
> If I do that... will PM wiki follow the rule and only display
> groups in
> that they have access
> to in the main log in window (and various pull down lists in other
> pages?)
>
> I am really looking forward to the centralized permissions control
> system that is on the
> future roadmap for PMwiki dev.
>
> Sivakatirswami
> www.himalayanacademy.com
>
>
>
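
A sketch of the setup described in the reply at the top of this message, added here as an illustration and not taken from the poster's own configuration: the three authorization groups are defined by hand in local/config.php and the wiki groups Main, Books and Admin are then restricted by group name. The login names are constructed placeholders, and the sketch assumes AuthUser picks up the name already authenticated by Apache.

```php
<?php if (!defined('PmWiki')) exit();
# local/config.php (added example, not the poster's file)

# Authorization groups maintained by hand. The member names are
# constructed placeholders and must match the Apache login names.
$AuthUser['@WikiAdmin'] = array('admin1');
$AuthUser['@Econ']      = array('econ1', 'econ2');
$AuthUser['@Library']   = array('lib1');

# AuthUser entries set in config.php must come before this include.
include_once("$FarmD/scripts/authuser.php");

# Site-wide defaults: only @WikiAdmin may administer the wiki or
# change page and group attributes (where passwords are stored).
$DefaultPasswords['admin'] = '@WikiAdmin';
$DefaultPasswords['attr']  = '@WikiAdmin';

# Per-group restrictions are entered on each group's GroupAttributes
# page via ?action=attr, not in this file:
#
#   Main.GroupAttributes    read: (blank)       edit: (blank)
#   Books.GroupAttributes   read: (blank)       edit: @Library @WikiAdmin
#   Admin.GroupAttributes   read: @WikiAdmin    edit: @WikiAdmin
#
# A blank field inherits the site default, so Main and Books stay
# readable by everyone who got past Apache. Because Admin has a read
# restriction, pagelists omit it for users outside @WikiAdmin.
```

Leaving 'attr' at its default would let any editor of a page change its passwords, so it is worth confirming after setup that a non-admin account cannot open ?action=attr on Books or Admin.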