[pmwiki-users] Site.AuthList Questions
Neil Herber (nospam)
nospam at eton.ca
Mon Jun 25 22:52:55 CDT 2007
On 2007-06-25 Sivakatirswami is rumoured to have said:
> Looking at Neil's system, it's clear enough, but I don't see this as very
> I'm already using Apache Basic Authentication now for about 12 users and
> I don't
> like it... I have one layer of web server task in PLESK (going into the
> adding users and passwords for each one) and then it appears one
> then has another layer to maintain at Site.Authuser and you *still*
> have to set attributes for any given page or group, and then your
> manually maintained list: that's 4 layers! with PM native system
> i) set group-page attributes
> ii) make a note on your manually maintained list
> that's only two layers.

I am not sure that I can answer all of your questions, but this is my

PmWiki passwords without AuthUser does not authenticate the user. I need
to know who has done what and be sure that it really was the person it
was supposed to be. Hence my choice of Apache BA.

I could just use PmWiki AuthUser, because that *does* authenticate the
user. However, it does not protect anything "outside" of the wiki. In my
case, I have file libraries that live outside of the wiki. For example:

I use Apache BA to protect the entire site, not just the wiki content.

If everything lives inside your wiki, then I would suggest using
AuthUser alone. You can set up the username/password pairs and set
groups as well.

If you want to have different users or groups have different access
privileges, then I cannot see any way around using group attribute

The manual list is just a backup. I simply add new username and password
combinations to the end of the list. The real control is maintained by
the Apache .htpasswd file, or, if you take my suggestion above, by

One other feature I really like about Apache BA versus AuthUser is that
the .htaccess file is unservable. The Site.AuthUser page is servable,
and hence more vulnerable (but not much I suspect).

To reiterate, I use Apache BA to authenticate the users, then I can use
AuthUser to assign permissions to particular users by name, without
needing their passwords.

Corporate info at http://www.eton.ca/