Attached is a patch enabling ikiwiki to optionally use HTTP authentication in place of storing usernames and passwords for each user.
If 'httpauth' is set to 1 in the setup file, the CGI wrapper will silently use the REMOTE_USER ENV variable as the CGI::Session's "name" parameter instead of redirecting the user to a login page. I have been using this for several days to allow users with LDAP accounts full read/write access to a wiki. The only problem I have encountered is that the Preferences page does not work correctly; it gives an incorrect password error when trying to change subscriptions and locked pages.
=== IkiWiki/Wrapper.pm
==================================================================
--- IkiWiki/Wrapper.pm (revision 1460)
+++ IkiWiki/Wrapper.pm (revision 1461)
@@ -28,7 +28,7 @@
my @envsave;
push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
- HTTP_COOKIE} if $config{cgi};
+ HTTP_COOKIE REMOTE_USER} if $config{cgi};
my $envsave="";
foreach my $var (@envsave) {
$envsave.=<<"EOF"
=== IkiWiki/CGI.pm
==================================================================
--- IkiWiki/CGI.pm (revision 1460)
+++ IkiWiki/CGI.pm (revision 1461)
@@ -643,6 +643,7 @@
# Everything below this point needs the user to be signed in.
if (((! $config{anonok} || $do eq 'prefs') &&
+ (! $config{httpauth}) &&
(! defined $session->param("name") ||
! userinfo_get($session->param("name"), "regdate"))) || $do eq
'signin') {
cgi_signin($q, $session);
@@ -654,6 +655,14 @@
return;
}
+
+ if ($config{httpauth} && (! defined $session->param("name"))) {
+ if (! defined $q->remote_user()) {
+ error("Could not determine authenticated username.");
+ } else {
+ $session->param("name", $q->remote_user());
+ }
+ }
if ($do eq 'create' || $do eq 'edit') {
cgi_editpage($q, $session);
=== doc/ikiwiki.setup
==================================================================
--- doc/ikiwiki.setup (revision 1460)
+++ doc/ikiwiki.setup (revision 1461)
@@ -86,6 +86,8 @@
#locale => 'en_US.UTF-8',
# Only send cookies over SSL connections.
#sslcookie => 1,
+ # Use HTTP Authentication instead of Ikiwiki's.
+ #httpauth => 1,
# Logging settings:
verbose => 0,
syslog => 0,
=== ikiwiki.pl
==================================================================
--- ikiwiki.pl (revision 1460)
+++ ikiwiki.pl (revision 1461)
@@ -47,6 +47,7 @@
"adminemail=s" => \$config{adminemail},
"timeformat=s" => \$config{timeformat},
"sslcookie!" => \$config{sslcookie},
+ "httpauth!" => \$config{httpauth},
"exclude=s@" => sub {
$config{wiki_file_prune_regexp}=qr/$config{wiki_file_prune_regexp}|$_[1]/;
},
=== IkiWiki.pm
==================================================================
--- IkiWiki.pm (revision 1460)
+++ IkiWiki.pm (revision 1461)
@@ -62,6 +62,7 @@
timeformat => '%c',
locale => undef,
sslcookie => 0,
+ httpauth => 0,
} #}}}
sub checkconfig () { #{{{
signature.asc
Description: Digital signature
