[pmwiki-users] authuser improvements
Patrick R. Michaud
pmichaud at pobox.com
Sun Nov 27 08:43:43 CST 2005
On Sun, Nov 27, 2005 at 08:27:47AM -0600, Patrick R. Michaud wrote:
> On Sun, Nov 27, 2005 at 12:47:24PM +0100, Mikael Nilsson wrote:
> > I find it a bit disturbing that I need to specify the default site-wide
> > passwords etc in config.php, when the rest of the authentication is
> > specified in either $Group.GroupAttributes, Site.AuthUser or
> > $FullName?action=attr. I'd like to see the possibility to define
> > $DefaultPasswords in Site.AuthUser.
> > Does that make sense, or are there good reasons not to allow that?
> I started in that direction, and then realized that the only way that
> can work is if the Site.AuthUser page is loaded and processed on
> every access to PmWiki. As things stand now the Site.AuthUser page only
> needs to be loaded and processed when someone enters a username and
> password, which is a lot more efficient.
More to the point, I don't think we'll ever have it that configuration
is done completely from wiki pages, so it's not too much to ask that
the administrator set a few variables in $DefaultPasswords in config.php.
The admin already needs to set other things in config.php.
And it only needs to be done once -- an administrator can set something like:
$DefaultPasswords['edit'] = '@site_edit';
$DefaultPasswords['attr'] = '@site_attr';
$DefaultPasswords['admin'] = '@site_admin';
just once and then do all authorizations from Site.AuthUser.
Also, there has to be a way to recover the ability to edit
the Site.AuthUser page if its passwords are lost or accidentally
misconfigured, and $DefaultPasswords['admin'] is really the only
reliable way to do that.
So, since we can't eliminate $DefaultPasswords entirely from the
configuration process, we might as well just keep it explicit
and part of the standard way to do things.
More information about the pmwiki-users