[pmwiki-users] Problem with AuthUser
Joachim Durchholz
jo at durchholz.org
Tue Dec 6 14:46:28 CST 2005
Patrick R. Michaud schrieb:
> Personally, I always use method #1 for my sites. While it's true that
> many people somehow feel more "comfortable" with systems where each
> author has a separate username and password, I know from long experience
> as a system administrator that the number one maintenance item is
> helping people recover lost passwords or usernames.
I can understand that.
> Since my sites
> generally have a small number of authors for any given section, using
> a single shared password for groups of pages is *much* more convenient
> for me and my authors than trying to manage multiple separate accounts.
Seems reasonable for small groups of authors.
> This method has even worked well on sites consisting of hundreds of
> authors (especially since authors are able to set their own passwords
> and share them with trusted colleagues).
Um... I'm feeling uncomfortable with that :-)
As an author, I'd have to know all the passwords that were given to me,
and produce the right one for each page that I want to edit (or access).
This can become unmanageable quickly.
Next thing is: I can't abstract with a password-based protection scheme.
With user accounts, I can create groups of users, and give that group
(say) read rights on a given group of pages.
And, lastly: with a password-based scheme, it's difficult to exclude
somebody. (Not a nice thing to happen, but sometimes it's necessary.)
For password-based auth, I'd have to change all the passwords that he
knew, and change them for all the pages that they were set on. As an
admin, I may not even know all the passwords; I'd have to tell everybody
that I'd recommend changing passwords because such-and-so got offended
on that particular PmWiki site and may return as a vandal.
With account-based auth, it's no problem to delete (or at least lock)
the account.
At least that's the reasoning why I'm generally in favor of
account-based auth. I'd be curious to hear how you're handling these
issues with password-based auth; I've always loved opportunities to
learn :-)
Regards,
Jo
More information about the pmwiki-users
mailing list