From: Reini U. <ru...@x-...> - 2007-08-16 06:26:06
|
Alexander Taler schrieb: > Hi, I have recently installed phpwiki and am having some trouble with httpauth. > Unfortunately my first line of inquiry, the documentation on the website, is > not available to me. For several weeks I have received no response from the > webserver for URLs such as > > http://phpwiki.sourceforge.net/phpwiki > > I've tried a few different browsers from various locations on the internet, so > I don't think this is my problem. Are others having the same problem? It's > kind of important because all the search engines are returning links to such > URLs. Yes, it's broken again and seems to be an issue with the squid cache. I just reverted back to the 1.2.x version. I'll import parts of the content into this version. > With that out of the way, I'll explain my trouble with HttpAuth in the hope > that someone can enlighten me. I'm using PhPWiki 1.3.14, and have Apache > configured to require a password with .htaccess and .htpasswd files. I > successfully authenticate to Apache, but PhPWiki does not consider me > authenticated, and asks me to login when I try to upload a file for example. > One unusual thing about this hosting environment, which is a possible cause, is > that /tmp is not writeable, so I have to configure any temp file locations > manually. > > Here are the configuration parameters from the user auth section of my > config/config.ini: > > ALLOW_ANON_USER = true > ALLOW_ANON_EDIT = true > ALLOW_BOGO_LOGIN = false > ALLOW_USER_PASSWORDS = false > > USER_AUTH_ORDER = "HttpAuth" > > PASSWORD_LENGTH_MINIMUM = 6 > > USER_AUTH_POLICY = strict > > ;ENABLE_USER_NEW = false > ;ENABLE_PAGEPERM = false If you choose HttpAuth, phpwiki does not do any auth session handling, all this is done within apache, and therefore you have a apache problem. phpwiki just checks for the typical vars for PHP_AUTH_USER or REMOTE_USER (in case of cgi) > Finally, for the record, the reason I have chosen http auth is because it is > the only mechanism that protects uploaded attachments. When using the other > authentication methods attachments may be downloaded without authentication. > Would you like me to report this as a bug? I know of this problem and temp. protected uploads-only with http auth, the rest with LDAP in my case. I'm already working on a transparent http auth login page, so that we get rid of the client auth dialog and have a beautiful, transparent and global HttpAuth solution via httpauth.js -- Reini Urban http://phpwiki.org/ http://murbreak.at/ http://helsinki.at/ http://spacemovie.mur.at/ |