[Pmwiki-users] User based security?

[Patrick R. Michaud]

On Tue, Feb 24, 2004 at 01:29:29PM +1100, Nathan Jones wrote:
> 
> >although I'm not sure if it will be possible to allow anonymous read access
> >when using .htaccess authentication.
> 
> I doubt it. My understanding of Apache's support for Basic Auth, is that
> it applies to a whole directory and its subdirectories. I'd imagine that
> allowing anonymous access to pages, but requiring auth for editing is not
> possible.
>
> Looks like the Cookbook module would have to work directly with HTTP
> headers:

PmWiki already does this.  What would be really nice is if PmWiki can
generate the 401 Authorization Required response (with a WWW-Authenticate
header) but let Apache perform the authentication.  I'll see if I can
prototype this--I worked on something similar to this several years ago
for another project but forget where I ended up.

> >We could also see about combining the authentication mechanisms; i.e.,
> >have a username+password scheme combined with the current page/group
> >passwords.
> 
> As the module will be an optional extra (ie. in the Cookbook), the
> current password scheme for groups, pages and actions would have to
> remain in the default install. Not sure how the two schemes should
> interact. (Not that you'd really need the existing scheme if using the
> Cookbook module.)

Well, I was thinking that an installation could combine the methods;
i.e., I could gain access to pages because I have a username+password
that allows me access, or because I know the (shared) page password
w/o a username.

> One last note: I think it would be necessary that the $HTAccess['action']
> array can be set at different levels. That is, I might want:
> - In config.php:
>   $HTAccess['edit'] = 'valid-user';
> - In Private.php:
>   $HTAccess['read'] = 'nathanj';

Yes, of course.  PmWiki always works that way.  :-)

Pm