[pmwiki-users] authuser improvements

[Patrick R. Michaud]

On Tue, Nov 29, 2005 at 06:28:56PM +0100, Mikael Nilsson wrote:
> sön 2005-11-27 klockan 08:27 -0600 skrev Patrick R. Michaud:
> > On Sun, Nov 27, 2005 at 12:47:24PM +0100, Mikael Nilsson wrote:
> > > I find it a bit disturbing that I need to specify the default site-wide
> > > passwords etc in config.php, when the rest of the authentication is
> > > specified in either $Group.GroupAttributes, Site.AuthUser or
> > > $FullName?action=attr. I'd like to see the possibility to define
> > > $DefaultPasswords in Site.AuthUser.
> > 
> > I started in that direction, and then realized that the only way that
> > can work is if the Site.AuthUser page is loaded and processed on 
> > every access to PmWiki.  
> 
> Is that still not necessary when using groups (@site_edit etc) defined
> in Site.AuthUser? In order to understand the @... directive,
> Site.AuthUser must be loaded, no? 

The authuser.php module figures out which groups someone belongs
to when authentication occurs, and saves that information as part 
of the session.  (Yes, this means that if someone modifies
Site.AuthUser then the group memberships may be out of date for 
any existing logged-in sessions, but that can be easily fixed if 
needed.  Personally I'm guessing that Site.AuthUser won't change 
frequently enough for this to be a real issue.)

> Anyway, the group mechanism is nice, and covers my needs in any case.
> Now I just need a form so that users can change their own passwords....
> HtpasswdForm only works for admins.

At the moment I'm leaving this for a cookbook recipe.

> Will this be part of the next release?

Site.AuthUser will be in 2.1.beta6.

Pm