X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/92a6f2e5e88b513ceaa1b9083ddbf6e928122893..aa4a31f75b0a59dde6edc51da6a166ad4f1c78d6:/doc/plugins/httpauth.mdwn diff --git a/doc/plugins/httpauth.mdwn b/doc/plugins/httpauth.mdwn index 77796a3d7..b2f789b8e 100644 --- a/doc/plugins/httpauth.mdwn +++ b/doc/plugins/httpauth.mdwn @@ -2,7 +2,9 @@ [[!tag type/auth]] This plugin allows HTTP basic authentication to be used to log into the -wiki. +wiki. In this mode, the web browser authenticates the user by some means, +and sets the `REMOTE_USER CGI` environment variable. This plugin trusts +that if that variable is set, the user is authenticated. ## fully authenticated wiki @@ -14,12 +16,31 @@ signed into the wiki. This method is suitable only for private wikis. ## separate cgiauthurl To use httpauth for a wiki where the content is public, and where -the `ikiwiki.cgi` needs to be usable without authentication (for searching -and so on), you can configure a separate url that is used for -authentication, via the `cgiauthurl` option in the setup file. This -url will then be redirected to whenever authentication is needed. +the `ikiwiki.cgi` needs to be usable without authentication (for searching, +or logging in using other methods, and so on), you can configure a separate +url that is used for authentication, via the `cgiauthurl` option in the setup +file. This url will then be redirected to when a user chooses to log in using +httpauth. A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi` into it. Then configure the web server to require authentication only for access to the `auth` subdirectory. Then `cgiauthurl` is pointed at this symlink. + +## using only httpauth for some pages + +If you want to only use httpauth for editing some pages, while allowing +other authentication methods to be used for other pages, you can +configure `httpauth_pagespec` in the setup file. This makes Edit +links on pages that match the [[ikiwiki/PageSpec]] automatically use +the `cgiauthurl`, and prevents matching pages from being edited by +users authentication via other methods. + +## Using httpauth with nginx + +You have to pass the $remote_user variable to the CGI: + + location /ikiwiki.cgi { + fastcgi_param REMOTE_USER $remote_user if_not_empty; + .... + }