On 2007-06-25 Sivakatirswami is rumoured to have said: > Looking at Neils system, it's clear enough, but I don't see this as very > scaleable. > I'm already using Apache Basic Authentication now for about 12 users and > I don't > like it... I have one layer of web server task in PLESK (going into the > domain, > adding users and passwords for each one) and then it appears one > then has another layer to maintain at Site.Authuser and you *still* > are have to set attributes for any given page or group, and then your > manually maintained list: that's 4 layers! with PM native system > i) set group-page attributes > ii) make a note on your manually maintained list > > that's only two layers.
I am not sure that I can answer all of your questions, but this is my attempt ... PmWiki passwords without AuthUser does not authenticate the user. I need to know who has done what and be sure that it really was the person it was supposed to be. Hence my choice of Apache BA. I could just use PmWiki AuthUser, because that *does* authenticate the user. However, it does not protect anything "outside" of the wiki. In my case, I have file libraries that live outside of the wiki. For example: neil.eton.ca/libraries/ neil.eton.ca/wiki/ I use Apache BA to protect the entire site, not just the wiki content. If everything lives inside your wiki, then I would suggest using AuthUser alone. You can set up the username/password pairs and set groups as well. If you want to have different users or groups have different access privilages, then I cannot see any way around using group attribute passwords. The manual list is just a backup. I simply add new username and password combinations to the end of the list. The real control is maintained by the Apache .htpasswd file, or, of you take my suggestion above, by Site.AuthUser. One other feature I really like about Apache BA versus AuthUser is that the .htaccess file is unservable. The Site.AuthUser page is servable, and hence more vulnerable (but not much I suspect). To reiterate, I use Apache BA to authenticate the users, then I can use AuthUser to assign permissions to particular users by name, without needing their passwords. -- Neil Herber Corporate info at http://www.eton.ca/ _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users