[pmwiki-users] Find out which passwords are set

Tegan Dowling tmdowling at gmail.com
Fri Sep 25 20:43:07 CDT 2009


On Fri, Sep 25, 2009 at 3:30 PM, Petko Yotov <5ko at 5ko.fr> wrote:
> On Friday 25 September 2009 16:42:24 Mike wrote:
>> Hello everyone,
>
> Hello!
>
>> Now I have a particular page which I want to be available to all users
>> of the @readers group, as well as to anyone who know one of four passwords.
>>
>> So I set the read attribute to
>> @readers pw1 pw2 pw3 pw4
>>
>> Now unfortunately, if after 4 months I come back and forgot which
>> passwords I distributed, I cannot determine this anymore. All I see is
>> @readers *** *** *** ***.
>>
>> Would there be any way to find out in a way as convenient as possible,
>> which passwords have been set for which page?
>
> No, the page does not store the real passwords, but one-way encoded hashes --
> it can verify that the user knows the real password, but cannot decode back
> the password from the hash.
>
> It's a security measure, to prevent an attacker who managed to get the disk
> files to learn your real passwords.
>
>> In particular, the problem arises when I want to distribute one more
>> password but maybe forget one of the older ones: it then becomes
>> unusable which I did not want to achieve.
>
> If you disable a password because you don't remember it, the people who use it
> will call you, and you can fix it at that time. You can leave them a message
> not to panic, on your page [[Site.AuthForm]], it will appear on the login
> form.

Maybe something like what I do would help you.

To avoid this problem, and to make changing passwords easier, I often
add a page named "Access" to a restricted wiki-group. The exact rules,
privileges and wording of the page may vary depending on the
circumstances, but I usually edit-protect with @lock, so only an admin
can edit it, and if the group has multiple read-passwords, I may
read-protect the Access page with just the one that I consider
"highest-ranking". I'll have on it:

The read password(s) for this page-group is/are

->'''pswd1 pswd2'''

The edit and upload password(s) for this page-group is/are

->'''pswd1 pswd2'''

----

To change passwords for the page-group, a user must be logged in with
the site's admin password.
(:if auth admin:)
# edit this page and modify either or both of the lists above (the
list must be a space-separated series of one-word passwords)
# save the edit
# select (highlight) the new list and copy it
# go to [[{$Group}.GroupAttributes?action=attr]] and paste the list
into the form field for the read, edit or upload attribute, as
appropriate
**note that edit-access does '''''not''''' automatically confer read-
or upload-access -- each attribute must be modified individually
(:ifend:)



More information about the pmwiki-users mailing list