Jim Cheetham schrieb:
> It looks like the shipped config-dist.ini isn't clear enough with the
> required queries in it for the case of plain-password storage in SQL, in
> 1.3.11 in cvs.
>
> The section of comments that holds DBAUTH_AUTH_USER_EXISTS starts with
> "If you want to use Unix crypt()ed passwords," - however
> DBAUTH_AUTH_USER_EXISTS is required even if you don't. Of course, I
> wasn't using crypt, so didn't read that block of code carefully, until I
> set up a new wiki and got auth errors :-)
Well, in the code I see that DBAUTH_AUTH_USER_EXISTS is only required if
auth_crypt_method != 'crypt'. But I haven't tested it yet.
//NOTE: for auth_crypt_method='crypt' no special auth_user_exists is needed
> I suggest that this line is moved up, above the initial "; Check to see
> if the supplied username/password pair is OK" section.
But if your point is valid, I'll move it up like this:
; USER/PASSWORD queries
;
; For USER_AUTH_POLICY=strict and the Db method this is required:
; DBAUTH_AUTH_USER_EXISTS = "SELECT userid FROM user WHERE userid='$userid'"
TODO: Somewhere in the ini we should also document which options are
required for ENABLE_USER_NEW=false.
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
|
