[pmwiki-users] HTTP Authentication and use of login name

Hartl, Bob hartl.r at ghc.org
Tue Jun 6 19:02:54 CDT 2006 

Patrick, I followed your suggestion (below) and used this:
    include("$FarmD/scripts/author.php");
    include("$FarmD/scripts/httpauth.php");

But I have NOT yet included this:
    include("$FarmD/scripts/authuser.php");  # only if you're using
authuser
You suggested that I include this ONLY if I was using authuser - and I
wasn't.  I'm using strictly http authentication.

Using the first two lines above meets the goal as I stated it below.
Thanks!

However there is one thing that doesn't work.  I was hoping to using
"authorization groups" -- e.g. "@writers".  I set these up in
Site.AuthUser, put they don't seem to get recognized.  Is this because I
have NOT included authuser.php above?  Would including authuser.php
enable me to use groups?  But would including authuser.php (for the
purpose of using these authorization groups) compromise in any way the
use of http authentication?  If so, is there a preferred way to use
authorization groups with http authentication?

Thanks
Bob Hartl

-----Original Message-----
From: Patrick R. Michaud [mailto:pmichaud at pobox.com] 
Sent: Wednesday, May 24, 2006 12:52 PM
To: Hartl, Bob
Cc: pmwiki-users at pmichaud.com
Subject: Re: [pmwiki-users] HTTP Authentication and use of login name


On Wed, May 24, 2006 at 12:42:57PM -0700, Hartl, Bob wrote:
> In the meantime as a backup solution, I am using http-authentication 
> and setting $EnablePostAuthorRequired to 1 to require users to enter a

> non-blank author name.  The slight problem is that the initial value 
> of the Author field is "DOMAINNAMEusername" -- ideally I would like 
> the initial value of Author field to be blank, so that the user would 
> be forced (via the $EnablePostAuthorRequired setting) to enter an 
> author name (and my hope would be that they enter a "proper" author 
> name -- i.e. "firstname lastname".  Is there a way, when using 
> http-authentication, for the Author field to be inially blank?

Try including scripts/author.php *before* any include of httpauth.php or
authuser.php:

    include("$FarmD/scripts/author.php");
    include("$FarmD/scripts/httpauth.php");
    include("$FarmD/scripts/authuser.php");  # only if you're using
authuser

Pm

> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com 
> [mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
> Sent: Monday, May 22, 2006 3:49 PM
> To: Patrick R. Michaud
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> 
> 
> Patrick,
> 
> Thanks again for you reply.  The LDAP approach sure sounds best.  I 
> agree -- this would be a great addition to the core.
> 
> Would the approach be to come up with an "LDAP" alternative to this 
> statement in config.php?
> (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];
> 
> Or is the approach more complicated -- perhaps the httpauth.php script

> must be modified to grab the author name from the LDAP server?
> 
> One of my colleagues retrieved active directory information via LDAP 
> in a .NET application, and he discovered that for our LDAP server, 
> first name is property "givenname" and last name is property "sn" (as 
> in surname).  I don't know if this is standard or not.  His .NET code 
> provides a username and password (which I also have access to) in 
> order to make a non-anonymous inquiry to get "givenname" and "sn" for 
> the provided username.
> 
> I'd definitely be interested in testing this change!
> 
> Thanks
> Bob Hartl
> 
> 
> 
> -----Original Message-----
> From: Patrick R. Michaud [mailto:pmichaud at pobox.com]
> Sent: Monday, May 22, 2006 2:46 PM
> To: Hartl, Bob
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> 
> 
> On Mon, May 22, 2006 at 12:41:22PM -0700, Hartl, Bob wrote:
> > Patrick,
> > 
> > The httpauth.php script works nicely, thanks.  I would however like 
> > to
> 
> > display the "author name" not login name in the AUTHOR field.  Is 
> > this
> 
> > possible when using HTTP authentication in PmWiki?  Two approaches 
> > seem possible to me.
> 
> The login name is simply displayed by default in the "Author" 
> field--an author can change the value to be something else (and that 
> is the value remembered for future sessions as long as cookies are 
> enabled).
> 
> > Is it possible to grab a "display name" variable -- or "first name" 
> > and "last name" variables -- instead of the REMOTE_USER variable?  
> > Is there such a server variable(s) to grab?
> 
> There aren't such server variables to grab.
> 
> > 2) Would the storedauthname.php script work with "http 
> > authentication?" From the documentation it appears that it's meant 
> > to work specifically with "AuthUser"
> 
> It might -- I haven't tried it.
> 
> > Would a possible approach be to use LDAP to grab the display name 
> > (i.e. author name) from the login name?  I can't however do an 
> > anonymous bind to my LDAP server -- but I have credentials with 
> > which to make a non-anonymous request.
> 
> Sure, that would be possible; it isn't even difficult.  It might even 
> be worth a change to the core to support this automatically.
> 
> Pm
> 
> > -----Original Message-----
> > From: pmwiki-users-bounces at pmichaud.com 
> > [mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
> > Sent: Friday, May 19, 2006 2:58 PM
> > To: Patrick R. Michaud
> > Cc: pmwiki-users at pmichaud.com
> > Subject: Re: [pmwiki-users] HTTP Authentication and use of login 
> > name
> > 
> > 
> > Hello Patrick,
> >  
> > I do not have httpauth.php in my config.php -- this must be what I'm

> > missing -- thanks!  I just read the documentation that says PmWiki 2

> > uses sesson-based authentication by default.
> >  
> > The documentation describes http authentication as HTTP-Basic 
> > authentication.  My pmwiki website is using "basic authentication" 
> > (anonymous is disabled).  I'm using "basic authentication" for 
> > testing
> > -- but my real goal is to use "integrated windows authentication" as
I
> 
> > have a Windows domain environment.  Can I expect that PmWiki's http 
> > authentication will work for "integrated windows authentication" as 
> > well as "basic authentication?"  Perhaps I'll find out the answer to

> > this when I test it.
> >  
> > Thanks again!
> > Bob Hartl
> > 
> > ________________________________
> > 
> > From: Patrick R. Michaud [mailto:pmichaud at pobox.com]
> > Sent: Fri 5/19/2006 7:09 AM
> > To: Hartl, Bob
> > Cc: pmwiki-users at pmichaud.com
> > Subject: Re: [pmwiki-users] HTTP Authentication and use of login 
> > name
> > 
> > 
> > 
> > On Thu, May 18, 2006 at 03:12:44PM -0700, Hartl, Bob wrote:
> > > I'm a new user of PmWiki.  I installed PmWiki on Windows using 
> > > ISAPI. So far so good!  I'm using HTTP authentication and I've had

> > > success
> in
> > 
> > > getting the authenticated login name from REMOTE_USER -- i.e. 
> > > PmWiki
> 
> > > fills the Author field with this login name.  (I followed advice 
> > > in
> > > Cookbook:RequireAuthor, section HTTP authentication.)
> > >
> > > I have a WikiGroup, for which I have restricted editing to 
> > > selected
> > > login names (as they appear using REMOTE_USER).  My hope is that
if 
> > > the user's login name is one of those permitted-to-edit login
names,
> 
> > > then the user is able to immediately edit (without any intervening
> > login form
> > > from PmWiki).   But I am getting the login form (username and
> > password).
> > > It seems like I should be able to do this.  Am I missing something
> > > easy?
> > 
> > How do you have your site configured for HTTP authentication -- are 
> > you using the httpauth.php script in your config.php?
> > 
> > With what you've described, I don't think that an author should be 
> > getting the password prompt after being logged in.  But I'd need to 
> > know a few more details of the setup first.
> > 
> > Pm
> > 
> > 
> > 
> > _______________________________________________
> > pmwiki-users mailing list
> > pmwiki-users at pmichaud.com 
> > http://host.pmichaud.com/mailman/listinfo/pmwiki-users
> > 
> 
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com 
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users
>

More information about the pmwiki-users mailing list