[pmwiki-users] HTTP Authentication and use of login name

Patrick R. Michaud pmichaud at pobox.com
Wed May 24 14:52:11 CDT 2006 

On Wed, May 24, 2006 at 12:42:57PM -0700, Hartl, Bob wrote:
> In the meantime as a backup solution, I am using http-authentication and
> setting $EnablePostAuthorRequired to 1 to require users to enter a
> non-blank author name.  The slight problem is that the initial value of
> the Author field is "DOMAINNAMEusername" -- ideally I would like the
> initial value of Author field to be blank, so that the user would be
> forced (via the $EnablePostAuthorRequired setting) to enter an author
> name (and my hope would be that they enter a "proper" author name --
> i.e. "firstname lastname".  Is there a way, when using
> http-authentication, for the Author field to be inially blank?  

Try including scripts/author.php *before* any include of httpauth.php
or authuser.php:

    include("$FarmD/scripts/author.php");
    include("$FarmD/scripts/httpauth.php");
    include("$FarmD/scripts/authuser.php");  # only if you're using authuser

Pm

> -----Original Message-----
> From: pmwiki-users-bounces at pmichaud.com
> [mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
> Sent: Monday, May 22, 2006 3:49 PM
> To: Patrick R. Michaud
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> 
> 
> Patrick,
> 
> Thanks again for you reply.  The LDAP approach sure sounds best.  I
> agree -- this would be a great addition to the core.
> 
> Would the approach be to come up with an "LDAP" alternative to this
> statement in config.php?
> (@$_SERVER['REMOTE_USER']) $Author = $_SERVER['REMOTE_USER'];
> 
> Or is the approach more complicated -- perhaps the httpauth.php script
> must be modified to grab the author name from the LDAP server?
> 
> One of my colleagues retrieved active directory information via LDAP in
> a .NET application, and he discovered that for our LDAP server, first
> name is property "givenname" and last name is property "sn" (as in
> surname).  I don't know if this is standard or not.  His .NET code
> provides a username and password (which I also have access to) in order
> to make a non-anonymous inquiry to get "givenname" and "sn" for the
> provided username.
> 
> I'd definitely be interested in testing this change!
> 
> Thanks
> Bob Hartl
> 
> 
> 
> -----Original Message-----
> From: Patrick R. Michaud [mailto:pmichaud at pobox.com] 
> Sent: Monday, May 22, 2006 2:46 PM
> To: Hartl, Bob
> Cc: pmwiki-users at pmichaud.com
> Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> 
> 
> On Mon, May 22, 2006 at 12:41:22PM -0700, Hartl, Bob wrote:
> > Patrick,
> > 
> > The httpauth.php script works nicely, thanks.  I would however like to
> 
> > display the "author name" not login name in the AUTHOR field.  Is this
> 
> > possible when using HTTP authentication in PmWiki?  Two approaches
> > seem possible to me.
> 
> The login name is simply displayed by default in the "Author" field--an
> author can change the value to be something else (and that is the value
> remembered for future sessions as long as cookies are enabled).
> 
> > Is it possible to grab a "display name" variable -- or "first name"
> > and "last name" variables -- instead of the REMOTE_USER variable?  Is 
> > there such a server variable(s) to grab?
> 
> There aren't such server variables to grab.
> 
> > 2) Would the storedauthname.php script work with "http
> > authentication?" From the documentation it appears that it's meant to 
> > work specifically with "AuthUser"
> 
> It might -- I haven't tried it.
> 
> > Would a possible approach be to use LDAP to grab the display name
> > (i.e. author name) from the login name?  I can't however do an 
> > anonymous bind to my LDAP server -- but I have credentials with which 
> > to make a non-anonymous request.
> 
> Sure, that would be possible; it isn't even difficult.  It might even be
> worth a change to the core to support this automatically.
> 
> Pm
> 
> > -----Original Message-----
> > From: pmwiki-users-bounces at pmichaud.com
> > [mailto:pmwiki-users-bounces at pmichaud.com] On Behalf Of Hartl, Bob
> > Sent: Friday, May 19, 2006 2:58 PM
> > To: Patrick R. Michaud
> > Cc: pmwiki-users at pmichaud.com
> > Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> > 
> > 
> > Hello Patrick,
> >  
> > I do not have httpauth.php in my config.php -- this must be what I'm
> > missing -- thanks!  I just read the documentation that says PmWiki 2 
> > uses sesson-based authentication by default.
> >  
> > The documentation describes http authentication as HTTP-Basic
> > authentication.  My pmwiki website is using "basic authentication" 
> > (anonymous is disabled).  I'm using "basic authentication" for testing
> > -- but my real goal is to use "integrated windows authentication" as I
> 
> > have a Windows domain environment.  Can I expect that PmWiki's http
> > authentication will work for "integrated windows authentication" as 
> > well as "basic authentication?"  Perhaps I'll find out the answer to 
> > this when I test it.
> >  
> > Thanks again!
> > Bob Hartl
> > 
> > ________________________________
> > 
> > From: Patrick R. Michaud [mailto:pmichaud at pobox.com]
> > Sent: Fri 5/19/2006 7:09 AM
> > To: Hartl, Bob
> > Cc: pmwiki-users at pmichaud.com
> > Subject: Re: [pmwiki-users] HTTP Authentication and use of login name
> > 
> > 
> > 
> > On Thu, May 18, 2006 at 03:12:44PM -0700, Hartl, Bob wrote:
> > > I'm a new user of PmWiki.  I installed PmWiki on Windows using
> > > ISAPI.
> > > So far so good!  I'm using HTTP authentication and I've had success
> in
> > 
> > > getting the authenticated login name from REMOTE_USER -- i.e. PmWiki
> 
> > > fills the Author field with this login name.  (I followed advice in 
> > > Cookbook:RequireAuthor, section HTTP authentication.)
> > >
> > > I have a WikiGroup, for which I have restricted editing to selected 
> > > login names (as they appear using REMOTE_USER).  My hope is that if 
> > > the user's login name is one of those permitted-to-edit login names,
> 
> > > then the user is able to immediately edit (without any intervening
> > login form
> > > from PmWiki).   But I am getting the login form (username and
> > password).
> > > It seems like I should be able to do this.  Am I missing something 
> > > easy?
> > 
> > How do you have your site configured for HTTP authentication -- are
> > you using the httpauth.php script in your config.php?
> > 
> > With what you've described, I don't think that an author should be
> > getting the password prompt after being logged in.  But I'd need to 
> > know a few more details of the setup first.
> > 
> > Pm
> > 
> > 
> > 
> > _______________________________________________
> > pmwiki-users mailing list
> > pmwiki-users at pmichaud.com
> > http://host.pmichaud.com/mailman/listinfo/pmwiki-users
> > 
> 
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://host.pmichaud.com/mailman/listinfo/pmwiki-users
>

More information about the pmwiki-users mailing list