[pmwiki-users] Problem with AuthUser

Joachim Durchholz jo at durchholz.org
Tue Dec 6 14:46:28 CST 2005


Patrick R. Michaud schrieb:
> Personally, I always use method #1 for my sites.  While it's true that
> many people somehow feel more "comfortable" with systems where each 
> author has a separate username and password, I know from long experience
> as a system administrator that the number one maintenance item is
> helping people recover lost passwords or usernames.

I can understand that.

 > Since my sites
> generally have a small number of authors for any given section, using 
> a single shared password for groups of pages is *much* more convenient 
> for me and my authors than trying to manage multiple separate accounts.

Seems reasonable for small groups of authors.

> This method has even worked well on sites consisting of hundreds of
> authors (especially since authors are able to set their own passwords
> and share them with trusted colleagues).

Um... I'm feeling uncomfortable with that :-)

As an author, I'd have to know all the passwords that were given to me, 
and produce the right one for each page that I want to edit (or access). 
This can become unmanageable quickly.

Next thing is: I can't abstract with a password-based protection scheme. 
With user accounts, I can create groups of users, and give that group 
(say) read rights on a given group of pages.

And, lastly: with a password-based scheme, it's difficult to exclude 
somebody. (Not a nice thing to happen, but sometimes it's necessary.) 
For password-based auth, I'd have to change all the passwords that he 
knew, and change them for all the pages that they were set on. As an 
admin, I may not even know all the passwords; I'd have to tell everybody 
that I'd recommend changing passwords because such-and-so got offended 
on that particular PmWiki site and may return as a vandal.
With account-based auth, it's no problem to delete (or at least lock) 
the account.


At least that's the reasoning why I'm generally in favor of 
account-based auth. I'd be curious to hear how you're handling these 
issues with password-based auth; I've always loved opportunities to 
learn :-)

Regards,
Jo




More information about the pmwiki-users mailing list