Haywire's Hobbies
AuthUser

administrators (intermediate)

AuthUser is PmWiki's identity-based authorization system that allows access to pages to be controlled through the use of usernames and passwords. AuthUser can be used in addition to the password-based scheme that is PmWiki's default configuration.

AuthUser is a very flexible system for managing access control on pages, but flexibility can also bring complexity and increased maintenance overhead to the wiki administrator. This is why PmWiki defaults to the simpler password-based system. For some thoughts about the relative merits of the two approaches, see PmWiki:ThoughtsOnAccessControl.

Activating AuthUser

To activate PmWiki's identity-based system, add the following line to local/config.php:

    include_once("

Creating user accounts

Most of AuthUser's configuration is performed via the Site.AuthUser page. To change the AuthUser configuration, simply edit this page like any other wiki page (you'll typically need to use the site's admin password for this).

To create a login account, simply add lines to Site.AuthUser that look like:

    username: (:encrypt password:)

For example, to create a login account for "alice" with a password of "wonderland", enter:

    alice: (:encrypt wonderland:)

When the page is saved, the "

For greater security, place a read password on the Site.AuthUser page.
To change or reset an account's password, simply replace the encrypted string with another

Controlling access to pages by login

Pages and groups can be protected based on login account by using "passwords" of the form

It's possible to use multiple "id:" declarations and passwords in the quick id:alice,carol

To allow access to anyone that has successfully logged in, use "

One can also perform site-wide restrictions based on identity in the $DefaultPasswords array: e.g.

    # require valid login before viewing pages
    $DefaultPasswords['read'] = 'id:*';
    # Alice and carol may edit
    $DefaultPasswords['edit'] = 'id:alice,carol';

You can change the $DefaultPasswords array in local customization files such as:
Organizing accounts into groups

AuthUser also makes it possible to group login accounts together into authorization groups, indicated by a leading "@" sign. As with login accounts, group memberships are maintained by editing the Site.AuthUser page. Group memberships can be specified by either listing the groups for a login account (person belongs to groups) or the login accounts for a group (group includes people). You can repeat or mix-and-match the two kinds as desired:

    @writers: alice, bob
    carol: @writers, @editors
    @admins: alice, dave

Then, to restrict page access to a particular group, simply use "

Getting account names and passwords from external sources

The AuthUser script has the capability of obtaining username/password pairs from places other than the Site.AuthUser page, such as passwd-formatted files (usually called '.htpasswd' on Apache servers), LDAP servers, or even the local/config.php file.

Passwd-formatted files (.htpasswd)

Passwd-formatted files, commonly called .htpasswd files in Apache, are text files where each line contains a username and an encrypted password separated by a colon. A typical .htpasswd file might look like:

    alice:vK99sgDV1an6I
    carol:Q1kSeNcTfwqjs

To get AuthUser to obtain usernames and passwords from a .htpasswd file, add the following line to Site.AuthUser, replacing "/path/to/.htpasswd" with the filesystem path of the .htpasswd file:

    htpasswd: /path/to/.htpasswd

Creation and maintenance of the .htpasswd file can be performed using a text editor, or any number of other third-party tools available for maintaining .htpasswd files. The Apache web server typically includes an htpasswd command for creating accounts in .htpasswd:

    $ htpasswd /path/to/.htpasswd alice
    New password:
    Re-type new password:
    Adding password for user alice
    $

Configuration via local/config.php

AuthUser configuration settings can also be made from the local/config.php file in addition to the Site.AuthUser page. Such settings are placed in the $AuthUser array, and must be set prior to including the authuser.php script. Some examples:

    # set a password for alice
    $AuthUser['alice'] = crypt('wonderland');
    # set a password for carol
    $AuthUser['carol'] = '$1$CknC8zAs$dC8z2vu3UvnIXMfOcGDON0';
    # Use local/.htpasswd for usernames/passwords
    # (the key matches the "htpasswd:" directive used in Site.AuthUser)
    $AuthUser['htpasswd'] = 'local/.htpasswd';

Setting the Author Name

By default, PmWiki will use a login name in the Author field of the edit form, but allows the author to change this value prior to saving. To force the login name to always be used as the author name, use the following sequence to activate AuthUser:

    include_once("
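When reviewing who actually holds access, the two membership forms from "Organizing accounts into groups" have to be merged into one member list per group. The following Python script is an added example, not PmWiki's own parser: `review`, `DIRECTIVES` and the sample text are assumptions built from the lines shown on this page, and it reads only the syntax described here.

```python
import re
from collections import defaultdict

# Constructed Site.AuthUser content assembled from the examples on this page.
SAMPLE = """\
alice: vK99sgDV1an6I
carol: $1$CknC8zAs$dC8z2vu3UvnIXMfOcGDON0
htpasswd: /path/to/.htpasswd
@writers: alice, bob
carol: @writers, @editors
@admins: alice, dave
"""

DIRECTIVES = {"htpasswd"}  # source directive shown on this page, not a login


def review(text):
    """Return (groups, accounts, unbacked) for Site.AuthUser-style text."""
    groups, accounts = defaultdict(set), set()
    for raw in text.splitlines():
        key, sep, value = raw.partition(":")
        key = key.strip()
        items = [v for v in re.split(r"[\s,]+", value.strip()) if v]
        if not sep or not key or not items or key in DIRECTIVES:
            continue
        if key.startswith("@"):
            # "group includes people":  @writers: alice, bob
            groups[key].update(items)
        elif all(i.startswith("@") for i in items):
            # "person belongs to groups":  carol: @writers, @editors
            for group in items:
                groups[group].add(key)
        else:
            # assumption: anything else is a "login: password hash" line
            accounts.add(key)
    members = set().union(*groups.values())
    # Group members with no password line here must authenticate through
    # another source (the htpasswd file, local/config.php) or cannot log in.
    return dict(groups), accounts, sorted(members - accounts)


if __name__ == "__main__":
    groups, accounts, unbacked = review(SAMPLE)
    for name in sorted(groups):
        print(name, "->", ", ".join(sorted(groups[name])))
    print("no local password line:", ", ".join(unbacked))
```

The third return value lists group members that have no password line in the text being reviewed, which is the set to check against the external sources before granting a group access to a page.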