[pmwiki-users] HTTP Authentication and use of login name

Neil Herber nospam at eton.ca
Wed Jun 7 12:17:45 CDT 2006 

At 2006-06-07  09:33 AM -0700, Hartl, Bob is rumored to have said:
>Is there a way to use http authentication with groups as I suggest?

I do this on several wikis in a farm. I don't think I have anything 
special, but the relevant items are:

1) Use Apache BA for access. Groups are defined in Apache, but 
ignored in this case.


2) In farmconfig.php:
## This will set the author field on all requests authenticated by 
the webserver.
## It will even override anything the author happens to put in the "Author"
## box on the edit form.
if (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];


3) In the protected wiki's local/config.php:
$DefaultPasswords['read'] = 'id:*';
$DefaultPasswords['admin'] = '@admins';

## turn on the PmWiki authentication
     include_once("$FarmD/scripts/authuser.php");
##if someone has authenticated using Apache BA, then use that for local auth
     if (@$_SERVER['REMOTE_USER'])
         AuthUserId($pagename, $_SERVER['REMOTE_USER']);


4) In the protected wiki's Site/AuthUser page:
     @admins: Neil
     @Bgroup: Harold, Neil, Bob, Alex
     ## note that the -Andy syntax doesn't work here. It is a 
reminder of the group level attribute.
     @Cgroup: *, -Andy
      etc. etc.


5) On any given group attribute page restricted to a single group of users:
read password: @Xgroup


6) On the group only Andy is not allowed to see:
read password: @Cgroup id:-Andy


The only really tricky thing is that the "-Andy" notation does *not* 
work on the Site/AuthUser page. I just put it there as a reminder.

This works really well. When someone logs in, they have a view of the 
wiki that is restricted based on their group membership. Sometimes 
with some browsers (probably a caching problem of some sort) the very 
first page the person looks at does not show them all of the content 
they are entitled to - but clicking any link immediately changes 
that. I have not bothered to try and fix this, and no-one has complained!


Neil Herber
Corporate info at http://www.eton.ca/

More information about the pmwiki-users mailing list