This is the default configuration page for PmWiki's identity-based authorizations (aka "authuser"). AuthUser is a very flexible system for managing access to pages, but with flexibility can also come complexity. We'll try to walk through it here.

At present this site doesn't appear to have the authuser extensions enabled. To enable them, add the line include_once("$FarmD/scripts/authuser.php"); to your local/config.php file. (See PmWiki.LocalCustomizations.)

Authentication

Authentication from external sources (uncomment out appropriate line(s)):

  # htpasswd: /filesystem/path/to/.htpasswd
  # ldap: ldap://ldap.example.com/ou=People,o=example?uid?sub
  # mysql: mysql://[username:password]@localhost/db/table?user,passwd

Usernames and encrypted passwords specified directly (encrypted strings can be obtained from ?action=crypt:

  # alice: $1$NHrURcZQ$QexZSitx4bmFQmmFOVQmG.  ("alicesecret")
  # bob: $1$kai8n1r0$srMjkIR8oUR.fvSGGP7LZ/ ("bobsecret")

Authorization

To authorize individuals to specific pages or groups, use "id:name" when specifying a password using ?action=attr. (See PmWiki.Passwords.)

To allow any authenticated person, use "id:*". To set default site-wide authorizations, use $DefaultPasswords in local/config.php:

  $DefaultPasswords['read'] = 'id:*';
  $DefaultPasswords['edit'] = 'id:alice id:bob';
  $DefaultPasswords['admin'] = 'id:alice';

Authorization groups

This page can be used to define custom authorization groups (indicated by a leading "@" sign):

  # @editors: alice,bob
  # charlie: @editors,@visitors
  # @admins: alice, dave

To restrict a page or group of pages to an authorization group, use "@group" as a password in ?action=attr for the page or GroupAttributes page. For sitewide groups, use $DefaultPasswords in local/config.php:

  $DefaultPasswords['edit'] = '@editors';
  $DefaultPasswords['admin'] = '@admins';