1234567891011 |
- version=pmwiki-2.1.23 ordered=1 urlencoded=1
- agent=Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.0.6) Gecko/20060728 SUSE/1.5.0.6-1.3 Firefox/1.5.0.6
- author=
- csum=move question about setting groups to AuthUser faq
- host=24.1.26.255
- name=PmWiki.PasswordsAdmin
- post= Save
- rev=123
- targets=PmWiki.Passwords,PmWiki.WikiGroup,PmWiki.Security,PmWiki.WikiAdministrator,PmWiki.AuthUser,PmWiki.PasswordsAdmin,PmWiki.ConditionalMarkup,PmWiki.DocumentationIndex
- text=%25audience%25 administrators (basic)%0aPmWiki has built-in support for [[Passwords|password-protecting]] various areas of the wiki site. Passwords can be applied to individual pages, to [[Wiki Group]]s, or to the entire wiki site. Note that the password protection mechanisms described here are only a small part of overall system (and wiki) security, see [[PmWiki.Security]] for more discussion of this.%0a%0aAuthors can use PmWiki to add passwords to individual pages and WikiGroups as described in [[Passwords]]. However, [[WikiAdministrator]]s can also set passwords in ''local/config.php'' as described below.%0a%0a!! Password basics%0a%0aPmWiki supports several levels of access to wiki pages:%0a-> @@read@@ passwords allow viewing the contents of wiki pages%0a-> @@edit@@ passwords control editing and modification of wiki pages%0a-> @@attr@@ passwords control who is able to set passwords on pages (and potentially other future attributes)%0a-> if uploads are enabled, @@upload@@ passwords control uploading of files and attachments%0a%0aFinally, there is an @@admin@@ password that allows an administrator to override the passwords set for any individual page or group.%0a%0aBy default, PmWiki has the following password settings:%0a* The @@admin@@ and @@upload@@ passwords are locked by default.%0a* The Main and PmWiki groups have a locked @@attr@@ password (in their respective `GroupAttributes pages).%0a* The pages in the Site group except `Site.SideBar are locked against editing; by default the Site.SideBar page requires the admin or the site-wide edit password.%0a%0aAn @@admin@@ password can be used to overcome "locked" passwords, other than that, no password will allow access.%0a%0aSee [[Passwords]] for information about setting per-page and per-group passwords. The remainder of this page describes setting site-wide passwords from the ''local/config.php'' file.%0a%0a[[#settingsitewidepasswords]]%0a!! Setting site-wide passwords%0a%0aOne of the first things an admin should do is set an @@admin@@ password for the site. This is done via a line like the following in the ''local/config.php'' file:%0a%0a $DefaultPasswords['admin'] = crypt('secret_password');%0a%0aNote that the crypt() call is required for this -- PmWiki stores and processes all passwords internally as encrypted strings. See the [[#crypt | crypt section]] below for details about eliminating the cleartext password from the configuration file.%0a%0aTo set the entire site to be editable only by those who know an "edit" password, add a line like the following to ''local/config.php'':%0a%0a $DefaultPasswords['edit'] = crypt('edit_password');%0a%0aSimilarly, you can set [@$DefaultPasswords['read']@], [@$DefaultPasswords['edit']@], and [@$DefaultPasswords['upload']@] to control default @@read@@, @@edit@@, and @@upload@@ passwords for the entire site. The default passwords are used only for pages and groups which do not have passwords set. Also, each of the $DefaultPasswords values may be arrays of encrypted passwords:%0a%0a $DefaultPasswords['read'] = array(crypt('alpha'), crypt('beta'));%0a $DefaultPasswords['edit'] = crypt('beta');%0a%0aThis says that either "alpha" or "beta" can be used to read pages, but only the "beta" password will allow someone to edit a page. Since PmWiki remembers any passwords entered during the current session, the "beta" password will allow both reading and writing of pages, while the "alpha" password allows reading only. A person without either password would be unable to view pages at all.%0a%0a!! Identity-based authorization (username/password logins, [[AuthUser]])%0a%0aUnlike many systems which have '''identity-based''' systems for controlling access to pages (e.g., using a separate ''username'' and ''password'' for each person), PmWiki defaults to a ''password-based'' system as described above. In general password-based systems are often easier to maintain because they avoid the administrative overheads of creating user accounts, recovering lost passwords, and mapping usernames to permitted actions.%0a%0aHowever, PmWiki's ''authuser.php'' script augments the password-based system to allow access to pages based on a username and password combination. See [[AuthUser]] for more details on controlling access to pages based on user identity.%0a%0a!!Security holes ...%0a%0aAdministrators need to carefully plan where passwords are applied to avoid opening inadvertent security holes. If your wiki is open (anyone can read and edit), this would not seem to be a concern, '''except''', a malicious or confused user could apply a read password to a group and make the group completely unavailable to all other users. At the very least, even an open wiki should have a site-wide "admin" password and a site-wide "attr" password set in config.php. The ''sample-config.php'' file distributed with PmWiki indicates that the PmWiki and Main groups have "attr" locked by default, but if anyone creates a new group, "attr" is unlocked. Administrators must remember to set "attr" passwords for each new group (if desired) in this case. An easier solution is to include these lines in ''config.php'' :%0a%0a-> [@%0a$DefaultPasswords['admin'] = crypt('youradminpassword');%0a$DefaultPasswords['attr'] = crypt('yourattrpassword');%0a@]%0a%0a!! Encrypting passwords in ''config.php'' [[#crypt]]%0a%0aOne drawback to using the crypt() function directly to set passwords in ''config.php'' is that anyone able to view the file will see the unencrypted password. For example, if ''config.php'' contains%0a%0a $DefaultPasswords['admin'] = crypt('mysecret');%0a%0athen the "mysecret" password is in plain text for others to see. However, a wiki administrator can obtain and use an encrypted form of the password directly by using [@?action=crypt@] on any PmWiki url (or just jump to [[{$Name}?action=crypt]]). This action presents a form that generates encrypted versions of passwords for use in the ''config.php'' file. For example, when [@?action=crypt@] is given the password "@@mysecret@@", PmWiki will return a string like%0a%0a [@$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1@]%0a%0aThe string returned from [@?action=crypt@] can then be placed directly into config.php, as in:%0a%0a $DefaultPasswords['admin'] = [='$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1'=]; %0a%0aNote that in the encrypted form the ''crypt'' keyword and parentheses are removed, since the password is already encrypted. Also, the encrypted password must be in single quotes. In this example the password is still "@@mysecret@@", but somebody looking at ''config.php'' won't be able to see that just from looking at the encrypted form. ''Crypt'' may give you different encryptions for the same password--this is normal (and makes it harder for someone else to determine the original password).%0a%0a!! Removing passwords%0a%0aTo remove a site password entirely, such as the default locked password for uploads, just set it to empty:%0a%0a $DefaultPasswords['upload'] = '';%0a%0aYou can also use the special password "@nopass" via @@?action=attr@@ to have a non-password protected page within a password-protected group, or a non-password protected group with a site-wide default password set.%0a%0a!! Revoking or invalidating passwords%0a%0aIf a password is compromised and the wiki administrator wants to quickly invalidate all uses of that password on a site, a quick solution is the following in ''local/config.php'':%0a%0a $ForbiddenPasswords = array('secret', 'tanstaafl');%0a if (in_array(@$_POST['authpw'], $ForbiddenPasswords)) %0a unset($_POST['authpw']);%0a%0aThis prevents "secret" and "tanstaafl" from ever being accepted as a%0avalid authorization password, regardless of what pages may be%0ausing it.%0a%0a!! See Also%0a%0a* The $HandleAuth array, which sets the required authentication level that is necessary to perform an action.%0a%0a!! Protecting actions (example)%0a%0aEach action can be password protected. Cookbook authors providing scripts with own actions can use this also, but I'll limit the example to a (by default) not protected [@?action=source@]. This action shows the wikisource of the actual page. Sometimes you don't want that especially when using some [[PmWiki/conditional markup]] which should not be discovered easily or only by persons that are allowed to edit the page.%0a%0aThere are several solutions for that:%0a# Limit "source" only to editors add the following to your ''local/config.php'':%0a %0a--> [@$HandleAuth['source'] ='edit';@]%0a%0a# For using "source" with an own password, then add:%0a%0a--> [@$HandleAuth['source'] ='source';@]%0a--> [@$DefaultPasswords['source'] = crypt(secret);@] # ''see above''%0a%0a If you additionally want to set the password in the attributes page add:%0a%0a--> [@$PageAttributes['passwdsource'] = "$['Set new source password']";@]%0a%0aIn general, adding the prefix 'passwd' to an action name in the [@$PageAttributes@] array indicates that you wish for the given field to be encrypted when saved to disk.%0a%0aThe full set of steps to add new password handling for an action such as "diff" would be:%0a%0a->[@%0a# add a new (encrypted) field to the attr page%0a$PageAttributes['passwddiff'] = '$[Set new history password]';%0a%0a# clear the default password for 'diff'%0a$DefaultPasswords['diff'] = '';%0a%0a# Tell PmWiki that the 'diff' password allows action 'diff'.%0a$HandleAuth['diff'] = 'diff';%0a%0a# Tell PmWiki that a 'read' password %0a# (or optionally the 'edit') password%0a# is also sufficient to enable 'diff'.%0a# Of course, the 'admin' password will work too.%0a$AuthCascade['diff'] = 'read'; ## or 'edit'%0a@]%0a%0a%25trail%25%3c%3c|[[DocumentationIndex]]|>>%0a%0a>>faq%3c%3c [[#faq]]%0a%0aQ: There seems to be a default password. What is it? [[#pwlocked]]%0a%0aA: There isn't any valid password until you set one. [[PasswordsAdmin]] describes how to set one.%0a%0aPmWiki comes "out of the box" with $DefaultPasswords['admin'] set to '*'. This doesn't mean the password is an asterisk, it means that default admin password has to be something that encrypts to an asterisk. Since it's impossible for the crypt() function to ever return a 1-character encrypted value, the admin password is effectively locked until the admin sets one in config.php.%0a%0aQ: How do I use passwd-formatted files (like .htpasswd) for authentication?%0a%0aA: See [[AuthUser]] or [[Cookbook:UserAuth]]%0a%0aQ: Is there anything I can enter in a GroupAttributes field to say 'same as the admin password'? If not, is there anything I can put into the config.php file to have the same effect?%0a%0aA: For the sitewide edit password (in config.php), use '@_site_edit'. I haven't tested this, but I think one can also use '@_site_admin', '@_site_read', '@_site_attr', etc. for the other site-wide passwords set in config.php. '@admin' is used to specify the site admin password.%0a%0aQ: How do I edit protect, say, all RecentChanges pages?%0a%0aA: (needs answer)%0a
- time=1157578396
|