Traduction à compléter

administrateurs (intermédiaire) Auth User est le système PmWiki d’autorisation basé sur un système d’identification qui permet d’accéder aux pages à travers l’usage de noms d’utilisateurs et de mots de passe. AuthUser peut être utilisé en plus du système par défaut comportant uniquement des mots de passe.

Auth User is a very flexible system for managing access control on pages, but flexibility can also bring complexity and increased maintenance overhead to the wiki administrator. This is why PmWiki defaults to the simpler password-based system. For some thoughts about the relative merits of the two approaches, see PmWiki:ThoughtsOnAccessControl.

Activer Auth User

Pour activer le système PmWiki d’autorisation basé sur l’identité, ajouter la ligne suivante au fichier local/config.php: :

include_once(“$FarmD/scripts/authuser.php”);

Créer des comptes utilisateurs

La plus grande partie de la configuration de Auth User est faite via la page Site.AuthUser. Pour changer la configuration de Auth User, il faut simplement éditer cette page comme toute autre page du wiki (vous devriez normalement avoir besoin du mot de passe du site pour celà).

Pour créer un compte login, ajouter simplement des lignes à la page Site.Auth User qui sont définies comme suit:

username: (:encrypt password:)

Par exemple, pour créer un compte login pour “alice” avec un mot de passe “mondemerveilleux”, enter:

alice: (:encrypt mondemerveilleux:)

Quand la page sera sauvée, la partie du texte “(:encrypt mondemerveilleux:)” sera remplacée par une forme encryptée du mot de passe “mondemerveilleux”. Ce cryptage est fait de manière à ce que quelqu’un regardant la page Site.Auth User ne puisse pas aisément trouver le mot de passe stocké dans la page.

Pour une meilleure sécurité, mettre un mot de passe en lecture sur la page Site.Auth User.

Pour le changement ou la mise à zéro d’un mot de passe de compte, remplacez simplement la chaîne cryptée par une autre directive (:encrypt:).

Contrôler l’accès aux pages par login

Pages and groups can be protected based on login account by using “passwords” of the form id:username in the password fields of ?action=attr (see PmWiki.Passwords). For example, to restrict a page to being edited by Alice, one would set the password to “id:alice”.

It’s possible to use multiple “id:” declarations and passwords in the ?action=attr form, thus the following setting would allow access to Alice, Carol, and anyone who knows the password “quick”:

quick id:alice,carol

To allow access to anyone that has successfully logged in, use “id:*”.

One can also perform site-wide restrictions based on identity in the $DefaultPasswords array: e.g.

# require valid login before viewing pages $DefaultPasswords[‘read’] = ‘id:*’; # Alice and carol may edit $DefaultPasswords[‘edit’] = ‘id:alice,carol’; # All admins and Fred may edit $DefaultPasswords[‘edit’] = array(‘ <at> admins’, ‘id:Fred’);

You can change the $DefaultPasswords array in local customization files such as:

Organiser les compte par groupes

Auth User also makes it possible to group login accounts together into authorization groups, indicated by a leading “@” sign. As with login accounts, group memberships are maintained by editing the Site.Auth User page. Group memberships can be specified by either listing the groups for a login account (person belongs to groups) or the login accounts for a group (group includes people). You can repeat or mix-and-match the two kinds as desired:

@writers: alice, bob carol: @writers, @editors @admins: alice, dave

Then, to restrict page access to a particular group, simply use “@group” as the “password” in ?action=attr or the $DefaultPasswords array, similar to the way that “id:username” is used to restrict access to specific login accounts.

Exclure des individus des groupes de mots de passe

Group password memberships are maintained by editing the Site.Auth User page. To specify a password group that allows access to anyone who is authenticated, you can specify:

@wholeoffice: *

If you need to keep “Fred” out of this password group, you might try:

@wholeoffice: *, -Fred

… but this does not work. You can, however, get the desired result by using the first setting (@wholeoffice: *) on the Site.Auth User page and then setting the password for the page or group you wish to protect in ?action=attr or the $DefaultPasswords array to “id:*, -Fred”.

Obtenir les noms des comptes et les mots de passe depuis des sources externes

The Auth User script has the capability of obtaining username/password pairs from places other than the Site.Auth User page, such as passwd-formatted files (usually called ‘.htpasswd’ on Apache servers), LDAP servers, or even the local/config.php file.

Passwd-formatted files (.htpasswd)

Passwd-formatted files, commonly called .htpasswd files in Apache, are text files where each line contains a username and an encrypted password separated by a colon. A typical .htpasswd file might look like:

alice:vK99sgDV1an6I carol:Q1k Se Nc Tfwqjs?

To get Auth User to obtain usernames and passwords from a .htaccess file, add the following line to Site.Auth User, replacing “/path/to/.htpasswd” with the filesystem path of the .htpasswd file:

htpasswd: /path/to/.htpasswd

Creation and maintenance of the .htpasswd file can be performed using a text editor, or any number of other third-party tools available for maintaining .htpasswd files. The Apache web server typically includes an htpasswd command for creating accounts in .htpasswd:

$ htpasswd /path/to/.htpasswd alice New password: Re-type new password: Adding password for user alice $

Configuration via local/config.php

Auth User configuration settings can also be made from the local/config.php file in addition to the Site.Auth User page. Such settings are placed in the $AuthUser array, and must be set prior to including the authuser.php script. Some examples:

# set a password for alice $AuthUser[‘alice’] = crypt(‘wonderland’); # set a password for carol $AuthUser[‘carol’] = ‘$1$CknC8zAs$dC8z2vu3UvnIXMfOcGDON0′; # Use local/.htpasswd for usernames/passwords $AuthUser[‘htaccess’] = ‘local/.htpasswd’;

Définir le nom de l’auteur

By default, PmWiki will use a login name in the Author field of the edit form, but allows the author to change this value prior to saving. To force the login name to always be used as the author name, use the following sequence to activate Auth User:

include_once(“$FarmD/scripts/authuser.php”); $Author = $AuthId;

Voir aussi

« Administration des mots de passe | Index Doc Admin | Administration des envois sur le site »


. Traduction de PmWiki.AuthUser Page originale sur PmWikiFr.AuthUser - Référencé par
Dernières modifications:
PmWikiFr.AuthUser: 13 novembre 2006 à 13h13
PmWiki.AuthUser: 15 décembre 2006 à 08h12

Éditer page - Historique - Imprimable - Changements récents - Aide - RechercheWiki
Page last modified on 13 novembre 2006 à 13h13