[pmwiki-users] User authentication - username only and htpassword
Annie Walker
apinka at gmail.com
Wed May 28 18:27:05 CDT 2008
Hi
Can any of you PM Wiki experts offer a naive newbie a bit of advice?
We have installed PM Wiki into a much larger site. The set up of this
site is fairly complex for reasons currently beyond our control... (it's
all legit, by the way, just 'political')
- User logs in to part of our site using local login form, which has
to redirect via external authentication platform we have no database
access to. Successful authentication returns user to our site,
collecting the username on the way.
- If this is the first time we've seen this user, it adds their name
to our own database with a default password (all are the same, it acts
as an extra session variable for security on our pages). User does not
have the 'new' password as the external login authentication allows them
to use the one they set in the past before we swapped the target
platform location. They also use the login on that platform for other
sites on that platform.
- For PM Wiki, we have now also got the first-time-username to add to
a .htpassword file which holds usernames and these all-the-same passwords
So, the question is - can anyone offer advice on the best way to
integrate PM Wiki login with this system to force authentication before
allowing edits? We're keeping it open for all to read. It is supposed to
be acting like a part of the same site as described above, so we don't
want a new login detail (e.g password), but do not object to asking
people to re-enter the username they already have. I've seen mention of
using username only to allow edit access on the Wiki but can't see how
it's done.
If it helps, we're on a Windows server with Micronovae IIS Mod-rewrite
(covers RewriteEngine,
<http://www.micronovae.com/ModRewrite/ref/RewriteEngine.html>RewriteRule,
<http://www.micronovae.com/ModRewrite/ref/RewriteRule.html>RewriteCond,
<http://www.micronovae.com/ModRewrite/ref/RewriteCond.html>RewriteMap,
<http://www.micronovae.com/ModRewrite/ref/RewriteMap.html>RewriteLog,
<http://www.micronovae.com/ModRewrite/ref/RewriteLog.html>RewriteLogLevel,
<http://www.micronovae.com/ModRewrite/ref/RewriteLogLevel.html>RewriteOptions,
<http://www.micronovae.com/ModRewrite/ref/RewriteOptions.html>RewriteBase,
<http://www.micronovae.com/ModRewrite/ref/RewriteBase.html>RewriteLock
<http://www.micronovae.com/ModRewrite/ref/RewriteLock.html>).
I've been having a go with using the .htpassword option with AuthUser
(using username and password for now). I have given the .htpassword file
full R/W permission but am receiving an fopen error. Is this likely to
be Windows related, or my error in setup?
All advice much appreciated.
Thanks.
More information about the pmwiki-users
mailing list