[pmwiki-users] using Apache BA with AuthUser

Neil Herber nospam at eton.ca
Wed Apr 5 13:47:03 CDT 2006


Some of the wikis in my farm are part of sites protected by Apache 
BA, so by the time the user reaches the wiki, they have already been 
authenticated. I force the $Author to the Apache BA username with the 
following lines in farmconfig.php:

if (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];

I want to control access within a wiki based on the $AuthId which I 
set in local/config.php as follows:

$DefaultPasswords['read'] = 'id:*';
## turn on the PmWiki authentication
include_once("$FarmD/scripts/authuser.php");
##if someone has authenticated using Apache BA, then use that for local auth
if (@$_SERVER['REMOTE_USER']) $AuthId = $_SERVER['REMOTE_USER'];

My limited testing has shown that I can now control page or group 
access with ?action=attr. By setting the read password to something 
like id:NeilHerber, I can restrict access to the page to me.

The problem is, when someone not authorized to see a page comes 
along, PmWiki throws up the AuthForm asking for a username and 
password - but what I really want is a page that says: "Sorry, you are 
not authorized to access this page. Please contact admin if you think 
this is an error."

My inclination is to simply change the AuthForm page to that message, 
but this has the unintended result that "Site" group pages cannot be 
edited, because they require an admin password that overrides the "*" 
default. Should I create an @admin group on Site.AuthUser and put 
myself in it? Is there a better way? Will removing the AuthForm cause 
any problems?

Any and all suggestions welcome.


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 
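
A stricter version of the REMOTE_USER mapping from the post, as an added example that is not part of the original message: it copies the Apache username into $Author and $AuthId only when the request went through Basic authentication and the name passes an allow-list. The helper name trusted_remote_user(), the allowed character set and the sample inputs are assumptions.

```php
<?php
// Added example, not code from the original post. trusted_remote_user() is a
// hypothetical helper; the username allow-list is an assumed local policy.
function trusted_remote_user($server)
{
    // Assumption: Apache exposes AUTH_TYPE together with REMOTE_USER when
    // Basic authentication protected the request.
    $type = isset($server['AUTH_TYPE']) ? $server['AUTH_TYPE'] : '';
    if (!is_string($type) || strcasecmp($type, 'Basic') !== 0) {
        return null;
    }
    $user = isset($server['REMOTE_USER']) ? $server['REMOTE_USER'] : '';
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    if (!is_string($user)
        || !preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/', $user)) {
        return null;
    }
    return $user;
}

// In local/config.php, after the authuser.php include shown in the post:
$user = trusted_remote_user($_SERVER);
if ($user !== null) {
    $Author = $user;
    $AuthId = $user;
}

// Demonstration only (leave out of config.php): constructed sample inputs
// standing in for $_SERVER on four different requests.
$samples = array(
    'basic auth'       => array('AUTH_TYPE' => 'Basic', 'REMOTE_USER' => 'NeilHerber'),
    'no AUTH_TYPE'     => array('REMOTE_USER' => 'NeilHerber'),
    'trailing newline' => array('AUTH_TYPE' => 'Basic', 'REMOTE_USER' => "NeilHerber\n"),
    'not protected'    => array(),
);
foreach ($samples as $label => $server) {
    $result = trusted_remote_user($server);
    printf("%-17s %s\n", $label, $result === null ? '(ignored)' : $result);
}
```

Only the first sample yields a username; the other three leave $Author and $AuthId untouched, so PmWiki's own authentication still decides access for those requests.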




