[pmwiki-users] authentication problems (built-in and authuser)

Patrick R. Michaud pmichaud at pobox.com
Wed Nov 23 13:54:17 CST 2005

On Wed, Nov 23, 2005 at 02:13:11PM -0500, Bronwyn Boltwood wrote:
> I no longer have any idea what to do about the authentication problems
> in a wiki that I'm building for a local business.  PmWiki is acting as
> a simple CMS for a very small site.  I've written a custom skin that
> only shows you editing commands once you login.
> I'm just about ready to defenestrate PmWiki over this.  I've read the
> documentation several times over, and have spent 5 days or so
> wrestling with this bloody series of problems.  

Eek, 5 days?!?  Sorry about that.  Let's see what we can figure out.

First, I've set up a duplicate of your configuration at
http://www.pmwiki.org/sandbox/authtest/ .  You can 
view the configuration files I'm using at 
http://www.pmwiki.org/sandbox/authtest/local/ .

In setting up the test I found that 2.1.beta2 has a bug dealing
with the "id:*" specification.  Now fixed in 2.1.beta3 (just released), 
and the bug didn't exist in 2.1.beta1 or earlier versions, so that
can't really explain all of the problems you're having.

As far as I can tell, everything is working on the authtest
site as I would expect it to.  Feel free to test it liberally
and let me know anything that seems odd.  But lacking that,
I'm guessing it must be a server setting that is causing the problem.

> It keeps changing
> behaviour slightly -- sometimes it works in one browser, and then
> later it breaks there too.  Anything but work consistently enough to
> deliver the site to the client.

The fact that it's inconsistent makes me wonder if it's a PHP 
sessions problem -- almost as if the sessions are immediately being
expired or timed out.  I know this problem existed on sourceforge;
somewhere on sf there were one or more PHP scripts running that
had the session expiration set to just a few seconds, and since
by default PHP shares the session files among all scripts, this
had the side effect of causing any entered passwords to be forgotten
almost immediately and re-prompting.  The solution on sourceforge
was for each PmWiki installations to create its own session 
directory instead of sharing the systemwide default.

> I've tried it on localhost (running the WAMPserver package) and my
> webhost.  

However, the fact that you're having trouble on the localhost
would seem to indicate that it's not a shared-installation problem.

> I can't even get things to work with the very vanilla setup of two
> sitewide passwords -- one for edit and one for admin -- and the
> read-protected Site.Login page!  Even that way, it insists on having
> the most privileged password before displaying page content.  Pm,
> surely this isn't by design?

Definitely not.

Is there a url where we could play with this on one of your servers?  
Or, alternatively, could you run a ?action=phpinfo on one of your 
installations and compare the "session" settings with the ones that 
appear at http://www.pmichaud.com/sandbox/authtest/pmwiki.php?action=phpinfo ?

We'll definitely figure this one out somehow.


More information about the pmwiki-users mailing list