[pmwiki-users] userAuth and unix passwd file

Patrick R. Michaud pmichaud at pobox.com
Mon Jun 20 15:14:29 CDT 2005


On Mon, Jun 13, 2005 at 10:35:52AM +0200, Masschelein Bart wrote:
> Hello,
> 
> Apparently I don't have direct access to the password file, 
> but what I could do is on a regular basis "ypcat passwd > passwd.local". 

This works just fine.  I'm attaching a new script I'm testing for
the distribution that uses passwd-formatted files for authentication.
Just place the attached script (authuser.php) into your cookbook directory,
then add the following lines to your config.php:

    $AuthUser['htpasswd'] = '/path/to/your/passwd.local'
    include_once('cookbook/authuser.php');

This will change PmWiki's password page to prompt for both a
username and password, and if a username is supplied it will attempt
to authenticate it against the passwd.local file.

Then, protecting pages on the wiki uses the same mechanisms as
default -- i.e., set per-page and per-group passwords using ?action=attr, 
except you can add "passwords" that look like

    id:bart           # only "bart" can do this
    id:bart,nancy     # both "bart" and "nancy"
    id:*              # anyone with a valid username/password
    foobar id:bart    # only "bart" and anyone who knows the password "foobar"

So, if you wanted a site-wide edit restriction, you can do:

    $DefaultPasswords['edit'] = 'id:bart,nancy';

Try that, and let me know if you have any questions or run into any
problems.  The script is still undergoing testing, but I expect to be
including it in the distribution soon.

Pm


> From: Patrick R. Michaud [mailto:pmichaud at pobox.com]
> Sent: Thursday, June 09, 2005 19:53
> To: Masschelein Bart
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] userAuth and unix passwd file
> 
> 
> On Tue, Jun 07, 2005 at 06:16:45PM +0200, Masschelein Bart wrote:
> >    Hello,
> >     
> >    I've installed the latest version of the PmWiki on the intranet of my
> >    work, to be used among several users of several groups. I want to use the
> >    userauth plug in, to to authentication. Is the only way to use this by
> >    having the users enter their email addres and preferred username, and then
> >    the admin has to send a pwd? Is there a way to link the unix passwd file
> >    with the .passwd file required by PnWiki? Like this I don't have to give
> >    everybody a new password. My guess is that it is not possible, as you have
> >    to set the permission (read, edit, etc) as well. Any clues?
> 
> PmWiki's built-in authentication system can do what you want, *provided*
> there's some way for PmWiki to be able to get read access to the
> encrypted unix passwords.  Most modern unix systems store the passwords
> in /etc/shadow or somewhere that makes it difficult for a web script
> to be able to access them.  But if they're available somewhere, it's 
> fairly simple to get PmWiki to use the unix passwords (and I'll be
> happy to write the code to set that up).
> 
> Pm
> 



More information about the pmwiki-users mailing list