[pmwiki-users] Announce: ExternAuth Recipe Submission

Gary Spivey gspivey at georgefox.edu
Sat Jun 3 22:37:58 CDT 2006



In response to Gary Vedvik's question, I am announcing ExternAuth in the
event that somebody else would care to use it. It is working very well
for my on my PmWiki installation.

>From the summary to the cookbook recipe I just uploaded at:
http://www.pmwiki.org/wiki/Cookbook/ExternAuth

---------------------------
ExternAuth enables PmWiki to utilize authentication mechanisms external
to PmWiki by accessing php $_SESSION variables set by the external
authentication mechanism:

    * $_SESSION['authenticated'] - a BOOLEAN
    * $_SESSION['username'] - the username of the authenticated user
    * $_SESSION['groups'] - an array of groups for which the user is a
member. 

Page attributes can be set to allow access based on individual users,
groups of users, or open access. The attribute edit form has been
changed to allow users to select groups using checkboxes. Additionally,
WikiGroups can be given default authentication requirements for
individual actions for all pages within the group. That is, one can set
a WikiGroup to be readable by all, and editable only by authenticated
users. Then, on a page by page basis, these defaults can be overridden.

Additionally, the username is used as the Author name for all edits.
-----------------------------

Gary,

  I don't know if this is exactly what you are after, but if you already
have an authentication mechanism on your website, you can just set the
_SESSION variables and use externauth.


-Gary


> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com [mailto:pmwiki-users-
> bounces at pmichaud.com] On Behalf Of Vedvik, Gary
> Sent: Saturday, June 03, 2006 10:02 AM
> To: pmwiki-users at pmichaud.com
> Subject: [pmwiki-users] Authentication confusion
> 
> I've been looking at AuthUser, UserAuth, httpauth, and have gotten
> myself pretty confused as to how to accomplish what I'm trying to do.
> Essentially what I would like to do is use http authentication, and
> place the authenticated user IDs into pmwiki groups. I'd also like to
> used LDAP to obtain the users display name (e.g. fn/sn) as the author
> for any page edits.  Lastly, I'd like to disallow any changes to the
> "author" field when editing pages to be used, do avoid impersonation
> issues).
> 
> The primary reason we want to use http authentication is that we're
> looking to use pmwiki in an environment with Windows users that are
> already logging into Active Directory, and primarily use IE, so using
> http authentication seems the most logical method for user security by
> running pmwiki on a Windows host with PHP and using IIS integrated
> authentication.
> 
> Based on what I've read on the pmwiki site, AuthUser appears to
support
> ldap, but how does this work in conjunction with http authentication,
> and does it ultimately fill in the author variable?  Can it also
support
> placing the user authentication id in pmwiki groups?  AuthUser also
> appears to be less intuitive to use than UserAuth because it seems
that
> you need to enter permissions individually on each wikigroup and/or
wiki
> page.
> 
> UserAuth is a much more intuitive interface for managing permissions,
> since everything is performed on one page (groups, users, etc.)
However
> it doesn't appear to support http authentication, nor the ability to
> derive the author field from an external source (e.g. the result of an
> LDAP query for the authenticated user ID).
> 
> Is what I'm trying to accomplish possible?  Have I overlooked
something?
> What seems to be missing on the pmwiki site is authentication scenario
> examples.  The examples currently describe the capabilities of each
> module, but leave it to the reader to put it all together.
> Configuration scenario examples would certainly help.
> 
> Thanks,
> GaryV
> 
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users




More information about the pmwiki-users mailing list