UserAuth:<br>
* breaks ?action=attr<br>
* Sometimes just won't allow a user the access that he/she has been explicitly given<br>
* You get to guess when those times occur<br>
* A user who has <span style="font-weight: bold;">not</span> been
assigned admin status cannot get to the default page of a wikigroup by
clicking on a link (such as in the breadcrumbs) to {$Group} or
<a href="http://site.com/Group">http://site.com/Group</a><br><br><div><span class="gmail_quote">On 12/6/05, <b class="gmail_sendername">Patrick R. Michaud</b> <<a href="mailto:pmichaud@pobox.com">pmichaud@pobox.com</a>
> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Tue, Dec 06, 2005 at 07:45:34PM +0100, Hsing-Foo Wang wrote:<br>> is there somebody who can explain in simple words what kind of
<br>> authentication ways there are(incl cookbook), and specifically for what<br>> usage. I know the wiki says it all, but I would like to get a grasp of<br>> it at a 'meta level'<br><br>As far as I know, there are three basic authorization mechanisms
<br>available for PmWiki:<br> 1. passwords on pages,<br> 2. AuthUser (scripts/authuser.php), and<br> 3. UserAuth (<a href="http://www.pmwiki.org/wiki/Cookbook/UserAuth">http://www.pmwiki.org/wiki/Cookbook/UserAuth</a>
).<br><br>Both #2 and #3 are built on top of PmWiki's page password mechanism,<br>so that it's possible to have both identity-based authorizations and<br>password-based authorizations on pages.<br><br>Personally, I always use method #1 for my sites. While it's true that
<br>many people somehow feel more "comfortable" with systems where each<br>author has a separate username and password, I know from long experience<br>as a system administrator that the number one maintenance item is
<br>helping people recover lost passwords or usernames. Since my sites<br>generally have a small number of authors for any given section, using<br>a single shared password for groups of pages is *much* more convenient<br>
for me and my authors than trying to manage multiple separate accounts.<br>This method has even worked well on sites consisting of hundreds of<br>authors (especially since authors are able to set their own passwords<br>and share them with trusted colleagues).
<br><br>For sites that need identity-based authorization, PmWiki provides the<br>AuthUser script (#2), which has just undergone some major improvements<br>for PmWiki 2.1 (thus the Cookbook.AuthUser page is a little out of date).
<br>AuthUser overloads the basic protection scheme to also allow access<br>based on an authenticated identity ("id:alice") or membership in a<br>defined group of identities ("@editors"). The best place to see
<br>what AuthUser currently offers is the Site.AuthUser page at<br><a href="http://www.pmwiki.org/wiki/Site/AuthUser">http://www.pmwiki.org/wiki/Site/AuthUser</a> .<br><br>At present, usernames and passwords for AuthUser come from an
<br>"external" source of some sort, which can be any of the Site.AuthUser<br>page, local Apache .htpasswd files, LDAP servers, MySQL databases,<br>or the local/config.php file. AuthUser is also extensible to allow
<br>other authentication sources.<br><br>I'm not very familiar with UserAuth (#3), but I'll provide my<br>understanding of how it works (and others can correct me as<br>appropriate). UserAuth takes a different approach in that
<br>authenticated users can be given permissions that override any<br>passwords that may be placed on pages. Thus, an administrator<br>can say, for example, that "alice" is able to edit certain groups<br>or pages regardless of any passwords set for them. Unlike AuthUser,
<br>UserAuth can only get its usernames and passwords from an Apache<br>.htpasswd file. However, UserAuth also provides form-based<br>interfaces to allow authors to change passwords, as well as a form-based<br>system for admins to add new accounts or change account permissions.
<br><br>Form-based interfaces for registering new accounts and allowing<br>authors to change passwords are planned for AuthUser (#2), but<br>aren't completed yet.<br><br>I hope this helps! I'd like to take the above information and put
<br>it into the PmWiki docs somewhere, so any comments, questions,<br>or suggestions on the above descriptions would be greatly appreciated.<br><br>Pm<br><br>_______________________________________________<br>pmwiki-users mailing list
<br><a href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a><br><a href="http://host.pmichaud.com/mailman/listinfo/pmwiki-users">http://host.pmichaud.com/mailman/listinfo/pmwiki-users</a><br></blockquote></div>
<br>