[pmwiki-users] Problems with authentification

[Martin Kerz]

>> I have some weird problems with authentification. I have set an  
>> admin,
>> edit, and upload password. Unfortunately everytime I visit the  
>> site, I
>> get authenticated with edit privilegs without entering a password.
>> This is in a farm setup. Has anyone else ever encountered such
>> problems? I have no clue where to start debugging this. :-/
>
> Note that if the fields of the farm are all part of the same domain,
> then it's possible for authentications to "leak" from one field
> to another (partially due to the way PmWiki uses PHP sessions).

I read about that one, but that's not the case. I hidden the link for  
editing a page using (:if auth edit:). Even when I start the browser  
anew, and the first page I visit is the relevant wikifield, the link  
is displayed to me, _and_ I can edit the page. That is although I have  
set the edit password in the field's local config like that:

$DefaultPasswords['admin'] = 'crypt('password');
$DefaultPasswords['edit'] = crypt('other-password');
$DefaultPasswords['upload'] = crypt('some-password');

Moreover, ?action=upload asks me for a password, but doesn't accept  
"some-password". The admin password does seem to work. :-/

When I set a edit-password using GroupAttributes e.g., everything  
works just fine. I'm really a bit confused here.

Martin