80 lines
3.1 KiB
Markdown
80 lines
3.1 KiB
Markdown
It's a bit inconvenient that one also has to type in the
|
|
*Login - Confirm Password* if one only wants to change
|
|
the *Preferences -- Subscriptions*. --[[tschwinge]]
|
|
|
|
> You don't. The password fields on the preferences fields are only needed
|
|
> if you want to change your password and should otherwise be left blank.
|
|
> --[[Joey]]
|
|
|
|
>> Aha, then the problem is Firefox, which is automatically filling the
|
|
>> *Password* field with its previous value, but not filling the
|
|
>> *Confirm Password* one. --[[tschwinge]]
|
|
|
|
## easy access to the userdb for apache auth?
|
|
|
|
My use case is:
|
|
|
|
* restricted ikiwiki
|
|
* read/edit only allowed from the local network (done with apache restrictions)
|
|
* edit only for people authenticated (done with vanilla ikiwiki passwordauth)
|
|
|
|
I would like to allow people to read/edit the wiki from outside of the
|
|
local network, if and only if they already have an ikiwiki account.
|
|
|
|
[[httpauth]] doesn't fit since it doesn't allow anonymous local users
|
|
to create their own account. I want a single, local, simple auth
|
|
database.
|
|
|
|
My (naïve?) idea would be:
|
|
|
|
* keep the [[passwordauth]] system
|
|
* provide a way for Apache to use the userdb for authentication if
|
|
people want to connect from outside
|
|
|
|
I looked at the various auth modules for apache2. It seems that none
|
|
can use a "perl Storable data" file. So, I think some solutions could
|
|
be:
|
|
|
|
* use a sqlite database instead of a perl Storable file
|
|
* can be used with
|
|
[mod_auth_dbd](http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html)
|
|
* requires a change in ikiwiki module [[passwordauth]]
|
|
* use an external program to read the userdb and talk with
|
|
[mod_auth_external](http://unixpapa.com/mod_auth_external.html)
|
|
* requires the maintainance of this external auth proxy over ikiwiki
|
|
userdb format changes
|
|
* (I don't know perl)
|
|
* include this wrapper in ikiwiki
|
|
* something like `ikiwiki --auth user:pass:userdb` check the
|
|
`user:pass` pair in `userdb` and returns an Accept/Reject flag to
|
|
Apache
|
|
* requires a change in ikiwiki core
|
|
* still requires
|
|
[mod_auth_external](http://unixpapa.com/mod_auth_external.html)
|
|
* do it with Apache perl sections
|
|
* (I don't know perl)
|
|
|
|
Any opinion/suggestion/solution to this is welcome and appreciated.
|
|
|
|
--
|
|
[[NicolasLimare]]
|
|
|
|
For a similar use case, I've been intending to implement
|
|
[[todo/httpauth_feature_parity_with_passwordauth]], but your idea may
|
|
actually be the way to go. IMHO, the Perl sections idea is the
|
|
easiest to setup, but on the long run, I'd prefer ikiwiki to optionnally
|
|
use a userdb storage backend supported at least by Apache and lighttpd.
|
|
--[[intrigeri]]
|
|
|
|
Tons of CPAN modules may help, but most of them are specific to `mod_perl`,
|
|
and AFAIK, ikiwiki is generally not run with `mod_perl`. It's not clear to me
|
|
wether these modules depend on the webapp to be run with `mod_perl` set
|
|
as the script handler, or only on `mod_perl` to be installed and loaded.
|
|
|
|
* CPAN's `Apache::AuthenHook` allows to plug arbitrary Perl handlers as
|
|
Apache authentication providers.
|
|
* CPAN's `Apache::Authen::Program` (`mod_perl`)
|
|
* [http://www.openfusion.com.au/labs/mod_auth_tkt/](mod_auth_tkt) along with CPAN's
|
|
`Apache::AuthTkt`
|
|
--[[intrigeri]]
|