[pmwiki-users] Authentication confusion
Gary.Vedvik at xerox.com
Sat Jun 3 12:02:14 CDT 2006
I've been looking at AuthUser, UserAuth, httpauth, and have gotten
myself pretty confused as to how to accomplish what I'm trying to do.
Essentially what I would like to do is use http authentication, and
place the authenticated user IDs into pmwiki groups. I'd also like to
used LDAP to obtain the users display name (e.g. fn/sn) as the author
for any page edits. Lastly, I'd like to disallow any changes to the
"author" field when editing pages to be used, do avoid impersonation
The primary reason we want to use http authentication is that we're
looking to use pmwiki in an environment with Windows users that are
already logging into Active Directory, and primarily use IE, so using
http authentication seems the most logical method for user security by
running pmwiki on a Windows host with PHP and using IIS integrated
Based on what I've read on the pmwiki site, AuthUser appears to support
ldap, but how does this work in conjunction with http authentication,
and does it ultimately fill in the author variable? Can it also support
placing the user authentication id in pmwiki groups? AuthUser also
appears to be less intuitive to use than UserAuth because it seems that
you need to enter permissions individually on each wikigroup and/or wiki
UserAuth is a much more intuitive interface for managing permissions,
since everything is performed on one page (groups, users, etc.) However
it doesn't appear to support http authentication, nor the ability to
derive the author field from an external source (e.g. the result of an
LDAP query for the authenticated user ID).
Is what I'm trying to accomplish possible? Have I overlooked something?
What seems to be missing on the pmwiki site is authentication scenario
examples. The examples currently describe the capabilities of each
module, but leave it to the reader to put it all together.
Configuration scenario examples would certainly help.
More information about the pmwiki-users