[pmwiki-users] User authentication - username only and htpassword

Annie Walker apinka at gmail.com
Wed May 28 18:27:05 CDT 2008


Hi

Can any of you PM Wiki experts offer a naive newbie a bit of advice?

We have installed PM Wiki into a much larger site. The set up of this 
site is fairly complex for reasons currently beyond our control... (it's 
all legit, by the way, just 'political')


   - User logs in to part of our site using local login form, which has 
to redirect via external authentication platform we have no database 
access to. Successful authentication returns user to our site, 
collecting the username on the way.

   - If this is the first time we've seen this user, it adds their name 
to our own database with a default password (all are the same, it acts 
as an extra session variable for security on our pages). User does not 
have the 'new' password as the external login authentication allows them 
to use the one they set in the past before we swapped the target 
platform location. They also use the login on that platform for other 
sites on that platform.

   - For PM Wiki, we have now also got the first-time-username to add to 
a .htpassword file which holds usernames and these all-the-same passwords


So, the question is - can anyone offer advice on the best way to 
integrate PM Wiki login with this system to force authentication before 
allowing edits? We're keeping it open for all to read. It is supposed to 
be acting like a part of the same site as described above, so we don't 
want a new login detail (e.g password), but do not object to asking 
people to re-enter the username they already have. I've seen mention of 
using username only to allow edit access on the Wiki but can't see how 
it's done.

If it helps, we're on a Windows server with Micronovae IIS Mod-rewrite 
(covers RewriteEngine, 
<http://www.micronovae.com/ModRewrite/ref/RewriteEngine.html>RewriteRule, 
<http://www.micronovae.com/ModRewrite/ref/RewriteRule.html>RewriteCond, 
<http://www.micronovae.com/ModRewrite/ref/RewriteCond.html>RewriteMap, 
<http://www.micronovae.com/ModRewrite/ref/RewriteMap.html>RewriteLog, 
<http://www.micronovae.com/ModRewrite/ref/RewriteLog.html>RewriteLogLevel, 
<http://www.micronovae.com/ModRewrite/ref/RewriteLogLevel.html>RewriteOptions, 
<http://www.micronovae.com/ModRewrite/ref/RewriteOptions.html>RewriteBase, 
<http://www.micronovae.com/ModRewrite/ref/RewriteBase.html>RewriteLock 
<http://www.micronovae.com/ModRewrite/ref/RewriteLock.html>).

I've been having a go with using the .htpassword option with AuthUser 
(using username and password for now). I have given the .htpassword file 
full R/W permission but am receiving an fopen error. Is this likely to 
be Windows related, or my error in setup?

All advice much appreciated.
Thanks.




More information about the pmwiki-users mailing list