[pmwiki-users] Authentication confusion

Patrick R. Michaud pmichaud at pobox.com
Fri Jun 9 12:18:49 CDT 2006

On Fri, Jun 09, 2006 at 01:37:27PM +1000, Kathryn Andersen wrote:
> What am I doing wrong?  Or is it the case that one can't use HTTP
> authentication unless one puts read-protection via Apache onto the whole
> wiki?  (Thus making the Apache authentication happen first, and one would
> be in scenario A).  But I don't want to do that, because I don't want
> read-protection on this, only edit-protection.

Since Apache is the only thing that understands mod_auth_pam,
for this scenario authentication will have to occur within Apache.  
(PmWiki doesn't know how to talk to PAM.) 

And in all of my testing with Apache, I've never found a way to 
get Apache to have "optional authentication" -- i.e., to
put a userid into the REMOTE_USER variable if credentials have
been provided, but allow access to the resource (with REMOTE_USER
unset) even when credentials haven't been provided.

With Apache authentication it seems to be an all-or-nothing 
proposition, if authentication is enabled then every access to
a resource must provide authentication credentials, otherwise
authentication isn't available period.  I've also tried various
combinations of mod_auth_anon, but not with any useful success.


More information about the pmwiki-users mailing list