[pmwiki-users] HTTP Authentication and use of login name
nospam at eton.ca
Wed Jun 7 12:17:45 CDT 2006
At 2006-06-07 09:33 AM -0700, Hartl, Bob is rumored to have said:
>Is there a way to use http authentication with groups as I suggest?
I do this on several wikis in a farm. I don't think I have anything
special, but the relevant items are:
1) Use Apache BA for access. Groups are defined in Apache, but
ignored in this case.
2) In farmconfig.php:
## This will set the author field on all requests authenticated by
## It will even override anything the author happens to put in the "Author"
## box on the edit form.
if (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];
3) In the protected wiki's local/config.php:
$DefaultPasswords['read'] = 'id:*';
$DefaultPasswords['admin'] = '@admins';
## turn on the PmWiki authentication
##if someone has authenticated using Apache BA, then use that for local auth
4) In the protected wiki's Site/AuthUser page:
@Bgroup: Harold, Neil, Bob, Alex
## note that the -Andy syntax doesn't work here. It is a
reminder of the group level attribute.
@Cgroup: *, -Andy
5) On any given group attribute page restricted to a single group of users:
read password: @Xgroup
6) On the group only Andy is not allowed to see:
read password: @Cgroup id:-Andy
The only really tricky thing is that the "-Andy" notation does *not*
work on the Site/AuthUser page. I just put it there as a reminder.
This works really well. When someone logs in, they have a view of the
wiki that is restricted based on their group membership. Sometimes
with some browsers (probably a caching problem of some sort) the very
first page the person looks at does not show them all of the content
they are entitled to - but clicking any link immediately changes
that. I have not bothered to try and fix this, and no-one has complained!
Corporate info at http://www.eton.ca/
More information about the pmwiki-users