[pmwiki-users] Apache Question??
Patrick R. Michaud
pmichaud at pobox.com
Thu Aug 24 11:18:25 CDT 2006
On Thu, Aug 24, 2006 at 10:02:46AM -0400, Ben Weston wrote:
> I'm an expierenced Linux/UNIX Admin, but I'm still rather new to Apache
> (I know, a real contradiction). I just setup PmWiki, and it's working
> great. However, I want to be able to put a User based authentication on
> being able to access the site entirely (side bar, content, everything).
> This is for a company documentation site, and we want to be able to put
> it on a publicly addressable server for our field techs to access
> on-site, but don't want undesirables finding out our customer info etc.
> Right now it's internal only, so only partially useful for our needs.
How many field techs do you have? If so, you may not need "user-based"
authentication, a simple shared-password authentication scheme may work.
This is what I have done in the past on many sites, with great
success. The advantage of using a shared password (as opposed to
"user-based") is that it's not necessary to maintain username+password
pairs, or worry about people forgetting their passwords.
> Is this something that is done in PmWiki natively, or do I need set this
> up through Apache. I'm guessing I need to go with an SSL route, but I'm
> not sure.
To lock down access to the entire site, you can do it either through
Apache or through PmWiki. To do it in PmWiki, simply add the
following line in local/config.php:
$DefaultPassword['read'] = crypt('shared_password');
After this, PmWiki will allow access to the site only to people who
know 'shared_password' (of course, change this to suit your needs).
To let Apache handle the access control, just set up Apache
authorization via .htpasswd files -- there are lots of tutorials
on the web about this.
Of course, if you later decide that you need user-based authorization,
with the ability to authorize actions based on identity instead of
a shared secret, it's easy to switch to that in PmWiki. But I've
found it's much easier to tell everyone "the password is 'xyz'"
than to give everyone another username and password to remember.
More information about the pmwiki-users