[pmwiki-users] Which authentication module to use?

Oliver Betz list_ob at gmx.net
Wed Dec 16 07:36:38 CST 2009


Jon Wickström wrote:

> Q: What authentication module should I use? Minumum is allowing user
> to change own password, selfregistering is preferred. Probable needed
> security levels are admin, logged in user can edit, not logged in
> users can read. I don't want to use a database or external source for
> the authentication. 
> 
> AuthUser is built in, but does not quite take me all the way. Minimum
> requirement is for the user to be able to change their own password. 

HtpasswdForm allows users to change their password and to
self-register but without mail confirmation.

Currently I'm using HtpasswdForm, but if a user forgets his password,
I have to reset it manually. No problem for me since there are not too
many users.

Iwould be nice to see something like HtpasswdForm with confirming a
valid mail address (via web link) and maybe "forgot password" support
(via email).

A logging function to catch unused accounts would also be interesting,
but this seems to be so simple that I could do it myself.

> AuthUserSignup seems to have signup and password changeing. And it is
> built on AuthUser? Stable. Is it supported? 

it is way too complicated for me to understand and therefore to judge
whether it is a security risk.

AuthUser with HtpasswdForm is simple, there is little risk that
something goes wrong and I can do some maintenance if necessary.

Oliver




More information about the pmwiki-users mailing list