[pmwiki-users] using Apache BA with AuthUser
Neil Herber
nospam at eton.ca
Wed Apr 5 13:47:03 CDT 2006
Some of the wikis in my farm are part of sites protected by Apache
BA, so by the time the user reaches the wiki, they have already been
authenticated. I force the $Author to the Apache BA username with the
following lines in farmconfig.php:
if (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];
I want to control access within a wiki based on the $Authid which I
set in local/config.php as follows:
$DefaultPasswords['read'] = 'id:*';
## turn on the PmWiki authentication
include_once("$FarmD/scripts/authuser.php");
##if someone has authenticated using Apache BA, then use that for local auth
if (@$_SERVER['REMOTE_USER']) $AuthId = $_SERVER['REMOTE_USER'];
My limited testing has shown that I can now control page or group
access with ?action=attr. By setting the read password to something
like id:NeilHerber, I can restrict access to the page to me.
The problem is, when someone not authorized to see a page comes
along, PmWiki throws up the AuthForm asking for a username and
password - but what I really want is a page that says: Sorry, you are
not authorized to access this page. Please contact admin if you think
this is an error."
My inclination is to simply change the AuthForm page to that message,
but this has the unintended result that "Site" group pages cannot be
edited, because they require an admin password that overrides the "*"
default. Should I create an @admin group on Site.AuthUser and put
myself in it? Is there a better way? Will removing the AuthForm cause
any problems?
Any and all suggestions welcome.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list