[pmwiki-users] Multiple Sources, Authentication Groups, and AuthUser

[Jon Haupt]

> > The "best" way of doing this it seems would be something like
> > id:(someone_from_the_ldap), id:whoeverelse
>
> You could also add passwords to the individual pages that you want
> the outside individuals to have access to.  Thus:
>
>     id:* xyzpassword
>
> means to allow any LDAP authenticated individual, as well as anyone
> who knows the password "xyzpassword".  Then you just give the
> "xyzpassword" to those (few) individuals who need access.
>
> In general I find that for small groups, it's much easier to work
> with shared passwords than user-based authentication.  But that's
> just me.  :-)
>

Yeah, I think I agree with you most of the time.  My setup is a little
more complex as I've got enforced author tracking going on, in which
authorship is required, and $Author is set using the uid from LDAP,
and it isn't possible to edit the author name.  I guess I could
require that a username be used, not just a password, when "logging
in"?

Also: if someone just "logs in" with a password, does (:if $AuthId:)
return true?

> > There isn't really a way to specify which source someone is being
> > authenticated from, though, right?  So then, I was thinking, what
> > about creating an authentication group, which anybody from a source is
> > going to automatically be a part of... then I could do @librarystaff,
> > id:whoeverelse.  Right?
> >
> > Is that possible?
>
> Hmmm, I'd have to think about how this would be implemented.
> Doesn't seem like it would be too difficult, however.
>
> Pm
>

This would be the preferred option.  If it just wouldn't work, I guess
I'd figure out how to give the few oddities a shared password.


--
Jon Haupt
Fine & Performing Arts Librarian
Iowa State University
152 Parks Library
Ames, IA 50011
515-294-0904
jhaupt at iastate.edu