|
Cookbook /
AuthDNSSummary: Password-less authentication based on the visitor's IP address or (dynamic) hostname
Version: 20110603
Prerequisites: AuthUser
Status: Beta
Maintainer: Petko
Discussion: AuthDNS-Talk
License: GPL3+
DescriptionPassword-less authentication based on the visitor's IP address or (dynamic) hostname. The recipe automatically logs in a visitor coming from a specified IP address, from a range of IP addresses or from a specified DNS hostname, without the need to provide a password. It applies a username and/or user groups that will be managed by AuthUser. The recipe is based on an earlier script by Oliver Betz. A visitor coming from a predefined IP address will be automatically logged in. All other visitors will be redirected to the login form where they can log in with their usernames. To be used with Dynamic DNS, the recipe can resolve a list of hostnames. Since this is a slow operation, it should be limited to few entries. InstallationCopy authdns.phpΔ to your cookbook directory (alt. download: authdns.php). Add to config.php, before including authuser.php, such a line: include_once("ConfigurationThe list of known IP addresses and hostnames is in the page SiteAdmin.AuthDNS. The format is: # IP addresses and ranges 192.168.0.2: id:Username @group1 @group2 192.168.0.*: @group3 @group4 # hostnames some-lan-host: id:OtherUser @group1 foobar.dyndns.org: id:Boss @direction A few things can be configured for the script in config.php.
The functions that convert between IP<->hostname are quite slow, each address can take several seconds. For the fastest processing:
UsageThe recipe will be started when the wiki is requested with an action ?action=authdns. You can bookmark such a link, or you can add one in your SideBar or PageActions: You can automatically log in all visitors with the following code in config.php:
@session_start();
if(!isset($_SESSION["AuthSessDNS"]))
if (!preg_match('/^(login|logout|authdns)$/', $action))
Redirect(ResolvePageName($pagename), '$PageUrl?action=authdns');
Note that this can only be useful in 3 cases: (1) your full wiki is read-protected, (2) the wiki is on a LAN server, and all visitors are editors, or (3) you have a special configuration where PmWiki is the editing backend of a website with a different URL from the public website, and only editors go there. NotesWhen a user or a group has a fixed IP address, it is much faster to use this address in SiteAdmin.AuthDNS instead of a hostname. IP addresses and IP ranges are times faster than DNS hostname checks. Note about security. The recipe relies on IP addresses and DNS hostnames which are not always fixed and secure. A user may have authenticated with a dynamic DNS provider, but when the valid user is disconnected from the internet, DynDNS will continue to broadcast the last valid IP address. It is possible that a different person gets that last IP address, while the valid user is offline. You should estimate whether this is a security risk. Other notes:
Change log / Release notes
See alsoContributors
CommentsSee discussion at AuthDNS-Talk User notes +2 -1: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki. |