[pmwiki-users] Which authentication module to use?
Oliver Betz
list_ob at gmx.net
Wed Dec 16 07:36:38 CST 2009
Jon Wickström wrote:
> Q: What authentication module should I use? Minumum is allowing user
> to change own password, selfregistering is preferred. Probable needed
> security levels are admin, logged in user can edit, not logged in
> users can read. I don't want to use a database or external source for
> the authentication.
>
> AuthUser is built in, but does not quite take me all the way. Minimum
> requirement is for the user to be able to change their own password.
HtpasswdForm allows users to change their password and to
self-register but without mail confirmation.
Currently I'm using HtpasswdForm, but if a user forgets his password,
I have to reset it manually. No problem for me since there are not too
many users.
Iwould be nice to see something like HtpasswdForm with confirming a
valid mail address (via web link) and maybe "forgot password" support
(via email).
A logging function to catch unused accounts would also be interesting,
but this seems to be so simple that I could do it myself.
> AuthUserSignup seems to have signup and password changeing. And it is
> built on AuthUser? Stable. Is it supported?
it is way too complicated for me to understand and therefore to judge
whether it is a security risk.
AuthUser with HtpasswdForm is simple, there is little risk that
something goes wrong and I can do some maintenance if necessary.
Oliver
More information about the pmwiki-users
mailing list