[pmwiki-users] Authentication confusion

Kathryn Andersen kat_lists at katspace.homelinux.org
Thu Jun 8 22:37:27 CDT 2006 

On Sun, Jun 04, 2006 at 04:11:45PM -0500, Patrick R. Michaud wrote:
> To then prevent changes to the "author" field:
> 
>     include_once('scripts/httpauth.php');
>     include_once('scripts/authuser.php');
>     AuthUserId($pagename, $AuthId);
>     $Author = $AuthId;

Hello, this is someone else other than the original, poster, but I
thought I'd try this, to get http authentication with mod_auth_pam.
However, things are not working for me.  I'm sure I must have missed
something, but I don't know what...

System:
GenToo Linux
Apache 2.0.55
PHP 5.1.4 (with mod_php)
mod_auth_pam 
PmWiki 2.1.10

The site in question is my personal play area on the local machine, (set
up as a Virtual Host) where I dump files and test things out (including
PmWiki).

local/config.php settings:

$DefaultPasswords['admin'] = <secret password>;
$DefaultPasswords['edit'] = 'id:*';
# Read is NOT password-protected

$EnableRemoteUserAuth = 1;
$EnableHTTPBasicAuth = 1;
include_once("$FarmD/scripts/httpauth.php");
$EnablePostAuthorRequired = 1;
include_once("$FarmD/scripts/authuser.php");

##  Tell AuthUser to use the $AuthId value from HTTP                        
AuthUserId($pagename, $AuthId);

# the author is the author id
$Author = $AuthId;

Symptoms:

A) If I have previously authenticated with Apache on another part of the
site (outside the wiki area), I can edit fine, without being prompted for a password.
I assume that's because I have EnableRemoteUserAuth set to true.

B) If I haven't previously been authenticated, when I try to edit a
page, up pops the usual Apache authentication window, and I type in a
valid user and password, and click Okay, and the same window pops up
again.  And again.
I can't find anything in the error logs about it, either.

C) If I haven't previously been authenticated, try to edit a page, type
in my username and the ADMIN password, I can edit the page.  I assume
this is because admin abilities trump edit abilities, and I have a
DefaultPassword set for admin, and PmWiki allows passwords to trump IDs.

What am I doing wrong?  Or is it the case that one can't use HTTP
authentication unless one puts read-protection via Apache onto the whole
wiki?  (Thus making the Apache authentication happen first, and one would
be in scenario A).  But I don't want to do that, because I don't want
read-protection on this, only edit-protection.

Kathryn Andersen
-- 
 _--_|\     | Kathryn Andersen	<http://www.katspace.com>
/      \    | 
\_.--.*/    | GenFicCrit mailing list <http://www.katspace.com/gen_fic_crit/>
      v     | 
------------| Melbourne -> Victoria -> Australia -> Southern Hemisphere
Maranatha!  |	-> Earth -> Sol -> Milky Way Galaxy -> Universe

More information about the pmwiki-users mailing list