World Carfree Network - PmWiki

PmWiki has built-in support for password-protecting various areas of the wiki site. Passwords can be applied to individual pages, to Wiki Groups, or to the entire wiki site. Note that the password protection mechanisms described here are only a small part of overall system (and wiki) security; see PmWiki.Security for more discussion of this.

Authors can use PmWiki to add passwords to individual pages and WikiGroups as described in PmWiki.Passwords. However, WikiAdministrators can also set passwords in local customization files as described below.

PmWiki supports several levels of access to wiki pages:

- read passwords allow viewing the contents of wiki pages
- edit passwords control editing and modification of wiki pages
- attr passwords control who is able to set passwords on pages (and potentially other future attributes)
- if uploads are enabled, upload passwords control uploading of files and attachments

Finally, there is an admin password that allows an administrator to override the passwords set for any individual page or group.

Pages have their passwords as "page attributes" that are accessed by using ?action=attr at the end of a URL. Group passwords are held in a special page called "GroupAttributes" for each group. Global site-wide passwords are controlled by the $DefaultPasswords array. All passwords are stored in an encrypted format so that other users on the system cannot simply browse the contents of files to determine the passwords.

By default, $DefaultPasswords is set with empty read, edit, and attr passwords and locked admin and upload passwords. In addition, as distributed, the Main.GroupAttributes and PmWiki.GroupAttributes have locked attr passwords on them to prevent authors from setting passwords on pages in those groups. (To change these passwords, use Main.GroupAttributes?action=attr or PmWiki.GroupAttributes?action=attr.)

To set the site-wide admin password to "mysecret", an administrator can place the following line in config.php:

    $DefaultPasswords['admin'] = crypt('mysecret');

(Note that the crypt('mysecret') call is required here so that the password is processed before it is assigned. Since all passwords are stored as encrypted strings, the direct assignment ..['admin']='mysecret' would be interpreted as an encryption of something else.)

Of course, as written here anyone able to view config.php would immediately know the site's password, so some sites would like it to be encrypted in the config.php file as well. Add ?action=crypt to the end of any PmWiki URL (or jump to PasswordsAdmin?action=crypt) and you'll be presented with a form to give you the encrypted form of the password. For example, when the crypt action is given the password "mysecret", PmWiki gives back a string like

    $1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1

(it may be different on your system). This string can then be put directly into config.php as:

    
    $DefaultPasswords['admin'] = '$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1';  
    

Note that in the encrypted form the crypt keyword and parentheses are removed, since the password is already encrypted. Also, the encrypted password must be in single quotes. In this example the password is still "mysecret", but somebody looking at config.php won't be able to see that just from looking at the encrypted form. Crypt may give you different encryptions for the same password--this is normal (and makes it harder for someone else to determine the original password).

Similarly, you can set $DefaultPasswords['read'], $DefaultPasswords['edit'], and $DefaultPasswords['attr'] to control default read, edit, and attr passwords for the entire site. The default passwords are used only for pages and groups which do not have passwords set. Also, each of the $DefaultPasswords values may be arrays of encrypted passwords.
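The following PHP sketch is an added example, not PmWiki's own code. It shows why two encryptions of the same password differ (each gets its own salt), how a candidate password is still checked against a stored string or an array of them, and why a plain-text assignment never matches; the function names make_hash and password_matches are hypothetical.

```php
<?php
// Added illustration; not PmWiki source code.

// Hash a password in the same $1$ (MD5-crypt) format as the sample string on
// this page. A fresh random salt is chosen on every call. The salt is passed
// explicitly because current PHP versions require crypt()'s second argument.
function make_hash(string $password): string {
    $salt = '$1$' . bin2hex(random_bytes(4)) . '$';   // 8 salt characters
    return crypt($password, $salt);
}

// Check a candidate against one stored value or an array of them (each
// $DefaultPasswords entry may be an array). crypt() reads the scheme and
// salt back out of the stored string, so the original salt is reused.
function password_matches(string $candidate, $stored): bool {
    foreach ((array)$stored as $hash) {
        // Constant-time comparison of the stored string with the re-hash.
        if (hash_equals($hash, crypt($candidate, $hash))) {
            return true;
        }
    }
    return false;
}

// Constructed sample values.
$a = make_hash('mysecret');
$b = make_hash('mysecret');

printf("hash a: %s\nhash b: %s\n", $a, $b);
printf("strings differ:          %s\n", var_export($a !== $b, true));
printf("'mysecret' vs a:         %s\n", var_export(password_matches('mysecret', $a), true));
printf("'mysecret' vs [a, b]:    %s\n", var_export(password_matches('mysecret', [$a, $b]), true));
printf("'Mysecret' vs a:         %s\n", var_export(password_matches('Mysecret', $a), true));

// The direct assignment ..['admin'] = 'mysecret': the stored text is treated
// as an already-encrypted string, so typing "mysecret" does not match it.
printf("'mysecret' vs plaintext: %s\n", var_export(password_matches('mysecret', 'mysecret'), true));
```

Run it with the PHP command-line interpreter; the two hash strings change on every run because the salt is random.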

To remove a site password entirely, such as the default locked password for uploads, just set it to empty:

    $DefaultPasswords['upload'] = '';

In PmWiki, page passwords override group passwords, group passwords override the default passwords, and the admin password always allows access. This gives a great deal of flexibility in controlling access to wiki pages in PmWiki.

You can also use the special password "nopass" (defined by the $AllowPassword variable) via ?action=attr to have a non-password protected page within a password-protected group, or a non-password protected group with a site-wide default password set.

To use PmWiki itself to set passwords on individual wiki pages and Wiki Groups via ?action=attr, see PmWiki.Passwords.

Category: Passwords


Page last modified on July 10, 2005, at 04:29 PM
