[pmwiki-users] Authentication confusion
Patrick R. Michaud
pmichaud at pobox.com
Fri Jun 9 12:18:49 CDT 2006
On Fri, Jun 09, 2006 at 01:37:27PM +1000, Kathryn Andersen wrote:
> What am I doing wrong? Or is it the case that one can't use HTTP
> authentication unless one puts read-protection via Apache onto the whole
> wiki? (Thus making the Apache authentication happen first, and one would
> be in scenario A). But I don't want to do that, because I don't want
> read-protection on this, only edit-protection.
Since Apache is the only thing that understands mod_auth_pam,
for this scenario authentication will have to occur within Apache.
(PmWiki doesn't know how to talk to PAM.)
And in all of my testing with Apache, I've never found a way to
get Apache to have "optional authentication" -- i.e., to
put a userid into the REMOTE_USER variable if credentials have
been provided, but allow access to the resource (with REMOTE_USER
unset) even when credentials haven't been provided.
With Apache authentication it seems to be an all-or-nothing
proposition, if authentication is enabled then every access to
a resource must provide authentication credentials, otherwise
authentication isn't available period. I've also tried various
combinations of mod_auth_anon, but not with any useful success.
More information about the pmwiki-users