[Moin-user] Add single login account to standalone wiki
Thomas Waldmann
tw-public at gmx.de
Fri Sep 19 03:41:18 EDT 2008
> I have a basic standalone wiki (moin-1.6.2)
Updating that to 1.7.2 should be relatively easy.
> with default config and no authentication method. It is installed on a
> server for use inside a corporate firewall.
OK.
> The users want to password-protect the wiki by using single username
> and password that everyone on the team would use.
Could be done, but IMHO that is a bad idea.
If everybody uses the same username, you don't see who did what change.
If someone leaves the team, he/she will still know the password - no
easy way to revoke access. Also, the probability that such a "common
user/password" leaks out and is soon known by everybody is rather high.
So I suggest you have username/password for each user (as usual).
Then have a page UserGroup and put all legitimate usernames into a 1st
level list on that group definition page. Then use
UserGroup:read,write,delete,revert in your default acl.
If you do it that way, every UserGroup member can add new members to /
remove other members from the group definition. If that is not wanted,
just use a non-default acl on the UserGroup page.
> The help file indicates the basic authentication method by moin via
> username/password would import MoinMoin/auth/MoinAuth.
> from MoinMoin.auth import MoinAuth
> auth = [MoinAuth()]
Looks like you are reading the 1.7 docs (and auth is slightly different
there).
You have a full set of matching help pages in YOUR wiki.
If you read on masterXX.moinmo.in, be careful you choose master16 for
1.6, master17 for 1.7, ...
> The wiki front page has the standard login form at the top,
Usually every page has that Login link that shows the form.
> which allows profile creation. It is not clear if this is to be used
> in my case or if MoinAuth uses local accounts on the server.
Moin does not use UNIX or Windows user accounts by default.
> The login form is on the same page as the top level data page, so I am
> not sure how that protects the data.
Well, you could have a restrictive acl_rights_default and just open the
front page for everybody (the front page would not contain any sensitive
information in that case).
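
Added example (not part of the original message and not MoinMoin's own code): a simplified Python model of the setup suggested above, showing who can do what under a restrictive default ACL, an opened front page, and a UserGroup page with and without its own ACL. Assumptions: the first matching ACL entry decides, a page's own ACL replaces the default, `+`/`-` modifiers and `acl_rights_before`/`acl_rights_after` are not modelled, and the usernames, `WikiAdmin`, `ProjectNotes` and the `may` helper are constructed for illustration.

```python
import re

RIGHTS = {"read", "write", "delete", "revert", "admin"}
# Simplified: a first-level list item is one space, "*", then the member name.
MEMBER_RE = re.compile(r"^ \* (\S.*?)\s*$")

def group_members(page_text):
    """Collect usernames from the first-level list of a group definition page."""
    return {m.group(1) for line in page_text.splitlines()
            if (m := MEMBER_RE.match(line))}

def parse_acl(acl):
    """Turn 'Name:right,right Other:' into [(name, {rights}), ...]."""
    entries = []
    for item in acl.split():
        name, _, rights = item.partition(":")
        entries.append((name, {r for r in rights.split(",") if r in RIGHTS}))
    return entries

def may(user, right, page, page_acls, default_acl, groups):
    """First matching entry decides; a page's own ACL replaces the default."""
    for name, rights in parse_acl(page_acls.get(page, default_acl)):
        if name == "All" or name == user or user in groups.get(name, ()):
            return right in rights
    return False

# Constructed sample data (hypothetical users and pages).
USER_GROUP_PAGE = " * AliceExample\n * BobExample\n  * NestedIsIgnored\n"
GROUPS = {"UserGroup": group_members(USER_GROUP_PAGE)}

# Restrictive default: only group members get access, everybody else nothing.
DEFAULT_ACL = "UserGroup:read,write,delete,revert All:"

# Front page opened for reading; the UserGroup page falls under the default,
# so any member can change the membership list.
PAGE_ACLS_OPEN = {"FrontPage": "UserGroup:read,write,delete,revert All:read"}

# Same, plus a non-default ACL on the group page: members may only read it.
PAGE_ACLS_LOCKED = dict(
    PAGE_ACLS_OPEN,
    UserGroup="WikiAdmin:read,write,delete,revert,admin UserGroup:read All:",
)

if __name__ == "__main__":
    for acls in (PAGE_ACLS_OPEN, PAGE_ACLS_LOCKED):
        print(may("BobExample", "write", "UserGroup", acls, DEFAULT_ACL, GROUPS))
```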