[pmwiki-users] Site.AuthList Questions
Neil Herber (nospam)
nospam at eton.ca
Sun Jun 24 17:58:41 CDT 2007
On 2007-06-24 Tegan Dowling is rumoured to have said:
> I would be interested in how other admins do this or if there
> are any "best practices" recommendations...
>
> A simple text file on one's own box?
> A protected page on the wiki?
>
>
> Good question -- I'd be interested in hearing what others do, too. I have an Admin wikigroup, which requires an admin password to read. One of its pages contains the following:
For the wikis that I really want to protect, I use Apache Basic
Authentication. On the web server there is a password file (usually
named .htpasswd) that Apache uses for authenticating users. The
passwords are encrypted.
Because I have very tight control over a relatively small group of
users, I keep a handwritten list of usernames and passwords in clear
text. This list is hidden in my office. As Tegan said, I highly doubt
this could be considered a "best practice". But it is unhackable from
the net. ;-)
Once the users are authenticated, I use the native authuser mechanism to
grant access to particular pages. So on the Site.AuthUser page I have a
list of groups like so:
@Group1: Neil, Patrick, Tegan
@Group2: Neil, Patrick, Alice, Bob, Chuck
@Group3: Neil, Jim, Kyle, Linda
... and so on.
Just to add excitement and confusion to the whole mess, I actually use
the AuthUser groups to grant access to particular page groups. So, for
example, on the page:
PageGroupA/GroupAttributes?action=attr
I set the read attribute to one or more of the AuthUser groups, such as
@Group2.
This has served me very well for several years now.
--
Neil Herber
Corporate info at http://www.eton.ca/
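
The layered setup described in the message above (Apache .htpasswd for authentication, `@Group` lines on Site.AuthUser, and a read attribute per page group) can be cross-checked offline. The following is an added example, not part of the original message or of PmWiki: the .htpasswd content, the `READ_ATTR` mapping, `PageGroupB` and `@Group9` are constructed assumptions, and only the `@Group: user, user` line form shown in the post is parsed.

```python
import re

# Constructed sample inputs; group lines use the "@Group: user, user" form from the post.
AUTHUSER = """\
@Group1: Neil, Patrick, Tegan
@Group2: Neil, Patrick, Alice, Bob, Chuck
@Group3: Neil, Jim, Kyle, Linda
"""
# Constructed .htpasswd content; the hash bodies are placeholders, not real hashes.
HTPASSWD = """\
Neil:$2y$05$PLACEHOLDERPLACEHOLDERPLACEHOLDER
Patrick:$apr1$PLACEHLD$PLACEHOLDERPLACEHOLDER
Tegan:{SHA}PLACEHOLDERPLACEHOLDER=
Alice:PLACEHOLDER13
"""
# Hypothetical read attributes, as set via PageGroup/GroupAttributes?action=attr.
READ_ATTR = {"PageGroupA": ["@Group2"], "PageGroupB": ["@Group1", "@Group9"]}

def parse_groups(text):
    """Map '@Group' -> set of member names."""
    groups = {}
    for line in text.splitlines():
        m = re.match(r"\s*(@\w+)\s*:\s*(.+)$", line)
        if m:
            groups[m.group(1)] = {u.strip() for u in m.group(2).split(",") if u.strip()}
    return groups

def hash_scheme(field):
    """Classify an htpasswd hash field by its well-known prefix."""
    if field.startswith(("$2y$", "$2a$", "$2b$")):
        return "bcrypt"
    if field.startswith("$apr1$"):
        return "apr1-md5"
    if field.startswith("{SHA}"):
        return "sha1-unsalted"
    return "crypt-des" if len(field) == 13 else "unknown"

def audit(authuser, htpasswd, read_attr):
    """Resolve effective readers per page group and flag inconsistencies."""
    groups = parse_groups(authuser)
    schemes = {u: hash_scheme(h) for u, h in
               (l.split(":", 1) for l in htpasswd.splitlines() if ":" in l)}
    members = set().union(*groups.values())
    return {
        "readers": {pg: sorted(set().union(*(groups.get(g, set()) for g in gs)))
                    for pg, gs in read_attr.items()},
        "undefined_groups": sorted({g for gs in read_attr.values() for g in gs} - set(groups)),
        "no_htpasswd_entry": sorted(members - set(schemes)),
        "weak_hash": sorted(u for u, s in schemes.items() if s in ("sha1-unsalted", "crypt-des")),
    }
```

Group members with no .htpasswd entry can never authenticate, so they usually indicate a stale or misspelled name; a read attribute naming an undefined group grants access to nobody through that group.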