Re: [Phpwiki-talk] Authentication puzzles

[Antony S. <Ant...@ph...>]

On Wednesday 09 September 2009 16:35, Reini Urban wrote:

> 2009/9/9 Antony Stone <Ant...@ph...>:
> > On Sunday 06 September 2009 14:02, Antony Stone wrote:
> >> ; True User Authentication:
> >> ; To require user passwords:
> >> ;   ALLOW_ANON_USER = false
> >> ;   ALLOW_ANON_EDIT = false
> >> ;   ALLOW_BOGO_LOGIN = false,
> >> ;   ALLOW_USER_PASSWORDS = true.
> >> ; Otherwise any anon or bogo user might login without any or a wrong
> >> password.
> >>
> >> I have set all four variables to the required values and restarted
> >> Apache, and yet it is still possible to log in with a random username
> >> and no password (ie: a Bogo login).  How do I get the functionality as
> >> documented - True User Authentication?  Do I need to reset / reconfigure
> >> / restart something else after changing the config.ini file?

> Tell us your USER_AUTH_ORDER
> These are effective with ALLOW_USER_PASSWORDS
>
> If you have e.g. USER_AUTH_ORDER = "BogoLogin : PersonalPage"
> BogoLogin is in use as you observed.

I have not explicitly set USER_AUTH_ORDER (the instructions for getting True 
User Authentication don't tell me I need to), therefore I expect the setting 
to have the value in /usr/share/phpwiki/config/config-default.ini, which is:

USER_AUTH_ORDER = PersonalPage

Should I select "USER_AUTH_ORDER = Db" instead (since I am using a MySQL 
backend database, I'd quite like all the authentication data to be in there 
as well)?

Thanks for the reply - it's good to see there's someone else around here :)


Antony.

-- 
Atheism is a non-prophet-making organisation.

                                                     Please reply to the list;
                                                           please don't CC me.