[pmwiki-users] Site.AuthList Questions

Neil Herber (nospam) nospam at eton.ca
Sun Jun 24 17:58:41 CDT 2007


On 2007-06-24 Tegan Dowling is rumoured to have said:
>     I would be interested in how other admins do this or if there
>     are any "best practices" recommendations...
> 
>     A simple text file on one's own box?
>     A protected page on the wiki?
> 
> 
> Good question -- I'd be interested in hearing what others do, too. I have an Admin wikigroup, which requires an admin password to read. One of its pages contains the following:

For the wikis that I really want to protect, I use Apache Basic 
Authentication. On the web server there is a password file (usually 
named .htpasswd) that Apache uses for authenticating users. The 
passwords are encrypted.

Because I have very tight control over a relatively small group of 
users, I keep a handwritten list of usernames and passwords in clear 
text. This list is hidden in my office. As Tegan said, I highly doubt 
this could be considered a "best practice". But it is unhackable from 
the net. ;-)

Once the users are authenticated, I use the native authuser mechanism to 
grant access to particular pages. So on the Site.AuthUser page I have a 
list of groups like so:

@Group1: Neil, Patrick, Tegan
@Group2: Neil, Patrick, Alice, Bob, Chuck
@Group3: Neil, Jim, Kyle, Linda

... and so on.

Just to add excitement and confusion to the whole mess, I actually use 
the AuthUser groups to grant access to particular page groups. So, for 
example, on the page:
PageGroupA/GroupAttributes?action=attr
I set the read attribute to one or more of the AuthUser groups, such as 
@Group2.

This has served me very well for several years now.

-- 
Neil Herber
Corporate info at http://www.eton.ca/
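
The layering described in the message above (Apache Basic Authentication, then AuthUser groups, then a read attribute per page group), as an added example that is not part of the original post: a Python audit that computes who can effectively read each page group and flags mismatches between the layers. The .htpasswd contents, the names Mallory, PageGroupB, PageGroupC and @Group4, and every read attribute other than @Group2 are constructed; the `id:` token form is PmWiki's per-user syntax and does not appear in the post, and the script assumes the whole wiki sits behind Apache so only .htpasswd users can reach it.

```python
# Added example; every value marked "constructed" is illustrative only.
import re

AUTHUSER_PAGE = """\
@Group1: Neil, Patrick, Tegan
@Group2: Neil, Patrick, Alice, Bob, Chuck
@Group3: Neil, Jim, Kyle, Linda
"""
# Constructed .htpasswd: "Chuck" is missing and "Mallory" is in no group.
HTPASSWD = "".join(f"{u}:<placeholder-hash>\n" for u in
                   "Neil Patrick Tegan Alice Bob Jim Kyle Linda Mallory".split())
# Constructed read attributes, as entered on <Group>/GroupAttributes?action=attr.
READ_ATTRS = {"PageGroupA": "@Group2", "PageGroupC": "@Group4",
              "PageGroupB": "@Group1 @Group3 id:Bob"}

def parse_groups(text):
    """Map '@Group' -> set of members from '@Group: a, b, c' lines."""
    groups = {}
    for line in text.splitlines():
        m = re.match(r"\s*(@[\w.-]+)\s*:\s*(.*)$", line)
        if m:
            members = {n.strip() for n in m.group(2).split(",") if n.strip()}
            groups.setdefault(m.group(1), set()).update(members)
    return groups

def htpasswd_users(text):
    """The username is the field before the first ':' on each entry line."""
    return {ln.split(":", 1)[0] for ln in text.splitlines()
            if ":" in ln and not ln.startswith("#")}

def audit(authuser, htpasswd, read_attrs):
    groups, known = parse_groups(authuser), htpasswd_users(htpasswd)
    listed = set().union(*groups.values())
    readers, undefined = {}, set()
    for page_group, attr in read_attrs.items():
        allowed = set()
        for tok in attr.split():
            if tok.startswith("@"):
                if tok not in groups:
                    undefined.add(tok)      # attribute names a group nobody defined
                allowed |= groups.get(tok, set())
            elif tok.startswith("id:"):     # per-user form; id:* = any logged-in user
                allowed |= known if tok == "id:*" else {tok[3:]}
        # Assumption: Apache gates the whole wiki, so only .htpasswd users count.
        readers[page_group] = sorted(allowed & known)
    return {"readers": readers,
            "no_password": sorted(listed - known),   # grouped but cannot log in
            "no_group": sorted(known - listed),      # can log in, in no group
            "undefined_groups": sorted(undefined)}
```

Calling `audit(AUTHUSER_PAGE, HTPASSWD, READ_ATTRS)` returns the effective reader list per page group plus the three mismatch lists; a name in `no_password` is usually a typo or a removed account still listed in a group.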


