[pmwiki-users] questions about user authentication

Joachim Durchholz jo at durchholz.org
Wed Apr 13 07:15:47 CDT 2005


Patrick R. Michaud wrote:

> Okay, now that I have the core for user-based authorization in
> place, it's time for some specifics.  As background, I'll first
> note that user-based authorization has easily been the most highly 
> requested feature in PITS (http://www.pmwiki.org/wiki/PITS/00010).
> 
> So, now my questions for all those wiki admins who wanted user-based 
> authorization (many of whom might have left PmWiki by now for some 
> other system that already supported it...)
> 
> Q1: What sort of interface do you want/need for adding user identifiers
> and passwords into the system?

I would want to have various perspectives.

Sometimes I want to see and edit the permissions for one user (or user 
group).

Sometimes I want to see and edit the permissions for a page/page group.

Sometimes I want to see and edit *everything*. (For example when doing 
security audits.)

> Q2: What sorts of features are needed for users who have forgotten
> their passwords?

A "mail-me-a-new-password" feature.
(Don't mail existing passwords. Some users have a single password for 
everything, from POP retrieval to on-line banking. That's also the 
reason why passwords shouldn't be stored in the clear.)

> Q3: Is there anyone who has an immediate need/use for authenticating
> via an LDAP or Active Directory Server?  (If so, is there an LDAP or
> AD server somewhere that I could test against?)

Not me.
I already mentioned I'd like to use PAM :-)

> Q4: Is anyone interested in being able to authenticate against
> standard ".htpasswd" files?  (If so, would you need an interface to
> create/maintain such files...?)

That would be nice but not a priority for me.

Database authentication would be more interesting.

A HTTP interface to any of these authorisation mechanisms would be 
helpful, but I'd first turn to webmin instead of PmWiki. If would be a 
waste not to take advantage of their accumulated server management and 
security expertise :-)

> Q5: How soon would you likely start to use or implement user 
> authorization on your site(s) once these features are available?

I'd immediately use it, on all three wikis that I administer.

Regards,
Jo



More information about the pmwiki-users mailing list