Password-less authentication based on the visitor's IP address or (dynamic) hostname.
The recipe automatically logs in a visitor coming from a specified IP address, from a range of IP addresses or from a specified DNS hostname, without the need to provide a password. It applies a username and/or user groups that will be managed by AuthUser.
A visitor coming from a predefined IP address will be automatically logged in. All other visitors will be redirected to the login form where they can log in with their usernames.
To be used with Dynamic DNS, the recipe can resolve a list of hostnames. Since this is a slow operation, it should be limited to few entries.
The list of known IP addresses and hostnames is in the page SiteAdmin.AuthDNS. The format is:
# IP addresses and ranges 192.168.0.2: id:Username @group1 @group2 192.168.0.*: @group3 @group4 # hostnames some-lan-host: id:OtherUser @group1 foobar.dyndns.org: id:Boss @direction
A few things can be configured for the script in config.php.
The functions that convert between IP<->hostname are quite slow, each address can take several seconds. For the fastest processing:
The recipe will be started when the wiki is requested with an action ?action=authdns. You can bookmark such a link, or you can add one in your SideBar or PageActions:
You can automatically log in all visitors with the following code in config.php:
@session_start(); if(!isset($_SESSION["AuthSessDNS"])) if (!preg_match('/^(login|logout|authdns)$/', $action)) Redirect(ResolvePageName($pagename), '$PageUrl?action=authdns');
Note that this can only be useful in 3 cases: (1) your full wiki is read-protected, (2) the wiki is on a LAN server, and all visitors are editors, or (3) you have a special configuration where PmWiki is the editing backend of a website with a different URL from the public website, and only editors go there.
When a user or a group has a fixed IP address, it is much faster to use this address in SiteAdmin.AuthDNS instead of a hostname. IP addresses and IP ranges are times faster than DNS hostname checks.
Note about security. The recipe relies on IP addresses and DNS hostnames which are not always fixed and secure. A user may have authenticated with a dynamic DNS provider, but when the valid user is disconnected from the internet, DynDNS will continue to broadcast the last valid IP address. It is possible that a different person gets that last IP address, while the valid user is offline. You should estimate whether this is a security risk.
Change log / Release notes
See discussion at AuthDNS-Talk