From: Antony S. <Ant...@ph...> - 2009-09-09 21:35:40
|
On Wednesday 09 September 2009 16:35, Reini Urban wrote: > 2009/9/9 Antony Stone <Ant...@ph...>: > > On Sunday 06 September 2009 14:02, Antony Stone wrote: > >> ; True User Authentication: > >> ; To require user passwords: > >> ; ALLOW_ANON_USER = false > >> ; ALLOW_ANON_EDIT = false > >> ; ALLOW_BOGO_LOGIN = false, > >> ; ALLOW_USER_PASSWORDS = true. > >> ; Otherwise any anon or bogo user might login without any or a wrong > >> password. > >> > >> I have set all four variables to the required values and restarted > >> Apache, and yet it is still possible to log in with a random username > >> and no password (ie: a Bogo login). How do I get the functionality as > >> documented - True User Authentication? Do I need to reset / reconfigure > >> / restart something else after changing the config.ini file? > Tell us your USER_AUTH_ORDER > These are effective with ALLOW_USER_PASSWORDS > > If you have e.g. USER_AUTH_ORDER = "BogoLogin : PersonalPage" > BogoLogin is in use as you observed. I have not explicitly set USER_AUTH_ORDER (the instructions for getting True User Authentication don't tell me I need to), therefore I expect the setting to have the value in /usr/share/phpwiki/config/config-default.ini, which is: USER_AUTH_ORDER = PersonalPage Should I select "USER_AUTH_ORDER = Db" instead (since I am using a MySQL backend database, I'd quite like all the authentication data to be in there as well)? Thanks for the reply - it's good to see there's someone else around here :) Antony. -- Atheism is a non-prophet-making organisation. Please reply to the list; please don't CC me. |