From b6d00070a556e68d8e79eb5d64fe7a5ad2dbda18 Mon Sep 17 00:00:00 2001 From: nil Date: Fri, 11 Jun 2010 02:45:14 +0000 Subject: [PATCH] use the ikiwiki userdb outside of the ikiwiki edition access control --- doc/todo/htpasswd_mirror_of_the_userdb.mdwn | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 doc/todo/htpasswd_mirror_of_the_userdb.mdwn diff --git a/doc/todo/htpasswd_mirror_of_the_userdb.mdwn b/doc/todo/htpasswd_mirror_of_the_userdb.mdwn new file mode 100644 index 000000000..0582a6f7a --- /dev/null +++ b/doc/todo/htpasswd_mirror_of_the_userdb.mdwn @@ -0,0 +1,17 @@ +[[!tag wishlist]] + +Ikiwiki is static, so access control for viewing the wiki must be implemented on the web server side. Managing wiki users and access together, we can currently + +* use [[httpauth|plugins/httpauth/]], but some [[passwordauth|plugins/passwordauth]] functionnality [[is missing|todo/httpauth_feature_parity_with_passwordauth/]]; +* use [[passwordauth|plugins/passwordauth]] plus [[an Apache `mod_perl` authentication mechanism|plugins/passwordauth/discussion/]], but this is Apache-centric and enabling `mod_perl` just for auth seems overkill. + +Moreover, when ikiwiki is just a part of a wider web project, we may want to use the same userdb for the other parts of this project. + +I think an ikiwiki plugin which would (re)generate an htpasswd version of the user/passwd base (better, two htpasswd files, one with only the wiki admins and one with everyone) each time an user is added or modified would solve this problem: + +* access control can be managed from the web server +* user management is handled by the passwordauth plugin +* htpasswd format is understood by various servers (Apache, lighttpd, nginx, ...) and languages commonly used for web development (perl, python, ruby) +* htpasswd files can be mirrored on other machines when the web site is distributed + +-- [[nil]] -- 2.39.5