00010: user-based authorization

Summary: user-based authorization
Created: 2004-08-27 06:20
Status: Closed
Category: Feature
From: Pm
Priority: 55555 55555 55555 55554 4421

Description: Many sites would like to have authentication by user instead of by shared passwords (as PmWiki does now by default).

UserAuth does this. BenWilson

And quite nicely too. I would like to see the 'official' specification extended in two ways:

  1. support for user groups, so that permissions can be granted to a group as well as a user (it should be possible to make users members of multiple groups)
  2. support for exclusion-permissions, i.e. if a user has read_all or edit_PageNameGroup, it should be possible to set permissions like noread_group-PageGroup or noedit_page-PageName (using notation similar to Cookbook/UserAuth) - only admin would beat noread or noedit. Presumably for competing permissions at the same level the 'permissive' one should win. shi

Urmil: I wrote a wrapper code that handles authorization and disables edit/post/... actions if the user is not authorized. The script is simple (and to be ported for PmWiki2), but doesn't support page / group wise restrictions. Please keep this in mind if you write authorization script.

Also, it will be good if there is an option to use username / password from Apache style .htpasswd file.

See also 00109 password protect uploads --Henning December 01, 2004, at 07:45 AM

I use HTTP-Authentication for user management on some PmWiki wikis that run on Apache servers. I wrote a Quick Step Guide with instructions on how to setup authentication using .htaccess / .htpasswd. It's easy once you get the hang of it.

Author tracking is enforced by the following line in the (PmWiki ver. 1) local configuration file.



I use the SiteAdmin.AuthUser page to create user accounts at my wiki. Now, I have three on there now (big site, really). Two I created some time ago (like 2 years ago, or something) that are functioning correctly, but a third that I've recently created, and I can't get this guy working. I have entered and re-entered various times, the same as for the others:

# username (:encrypt somepassword :)
  1. username $1$o4iUYvYF$cZh46pfprMsAIDEhRs.kQ1

and the guy can't get in with the assigned username and password.

I am confused by this.

This site is running pmwiki-2.2.27 (VersionNum=2002027).

tonybaldwin September 24, 2011, at 02:36 PM

It is not # username $1$password but username: $1$password, that is no # at the beginning of the line, and a column after the username. --Petko September 24, 2011, at 03:09 PM

Yes, sir, you are correct, and I regret neglecting the : here, but I do have that on my site with the colon. tonybaldwin September 25, 2011, at 10:53 AM