PmWikiJa / パスワード

authors PmWiki has built-in support for password-protecting various areas of the wiki site. Authors generally want to be able to apply passwords to individual pages or to wiki groups?. Wiki Administrators can apply passwords to individual pages, to wiki groups, or to the entire site?. As with any access control system, the password protection mechanisms described here are only a small part of overall system and wiki security?.

PmWiki は、wiki サイトの様々なエリアでパスワード保護を組込みサポートしています。作者は、一般的にパスワードを個々のページやwiki group?に適用することができるようになりたいと思っています。Wiki 管理者は、パスワードを個々のページ、wiki グループ、あるいは、サイト全体?に適用することができます。あらゆるアクセス制御システムと同じように、ここで説明されたパスワード保護メカニズムはシステム全体とwikiセキュリティ?の小さい部分であるにすぎません。

As an author editing pages... ページを編集している作者として...

An author will generally set 3 types of passwords:

  1. to control who can see a page or group, use read passwords
  2. to control who can edit a page or group, use edit passwords
  3. to control who can alter the passwords used to protect a page or group, use attr passwords

作者は、一般的に3タイプのパスワードを設定します:

  1. だれがページやグループを見ることができるかについて制御するため、read パスワードを使用してください。
  2. だれがページやグループを編集することができるかについて制御するため、edit パスワードを使用してください。
  3. だれがページやグループを保護するのに用いられるパスワードを変えることができるかについて制御するために、attr パスワードを使用してください。

To set a password on an individual wiki page, add

?action=attr

to the page's URL (address) to access its attributes. Using the form on the attributes page, you can set or clear the read, edit, or attr passwords on the page. In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically when it stores them.

Additional options:

clear
@nopass
@lock
@_site_edit

個々の wiki ページにパスワードを設定するためには、 ページの URL (アドレス)に

?action=attr

を追加し属性にアクセスします。属性ページのフォームを使い、readedit、 あるいは、 attr パスワードを設定や解除することが出来ます。フォームに平文としてパスワードを入力すると: PmWiki は、保存時に自動的に暗号化します。

追加オプション:

clear
@nopass
@lock
@_site_edit

To set a password on a wiki group is slightly more difficult -- you just set the passwords on a special page in each group called

GroupAttributes

First, you can get to the attributes page for GroupAttributes by entering a URL (address) like

http://www.example.com/pmwiki/index.php?n=GroupName.GroupAttributes?action=attr

Replace www.example.com with your domain name, and GroupName with the name of the group

Then, using the form on the attributes page, you can set or clear the read, edit, or attr passwords for the entire group. In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically.

Additional options:

clear
@nopass
@lock

wikiグループにパスワードをけしかけるのはわずかに難しいです -- 単に、各グループで以下のようなに呼ばれている特別なページのパスワードを設定します。

GroupAttributes

まず最初に、次のように URL (アドレス)を入力することで GroupAttributes の属性ページを得ることができます。

http://www.example.com/pmwiki/index.php?n=GroupName.GroupAttributes?action=attr

www.example.com をドメイン名、GroupName をグループの名前に置き換えてください。

この時点で、属性ページのフォームを使い、グループ全体の readedit、 あるいは、 attr パスワードを設定や解除することが出来ます。フォームに平文としてパスワードを入力すると: PmWiki は、自動的に暗号化します。

追加オプション:

clear
@nopass
@lock

Multiple passwords for a page, group or site are allowed. Simply enter multiple passwords separated by a space. This allows you to have a read password, a write password, and have the write password allow read/write access. In other words, if the read password is

alpha

and the edit password is

beta

then enter

Set new read password: alpha beta
Set new edit password: beta

This says that either

alpha

or

beta

can be used to read pages, but only

beta

may edit. Since PmWiki checks the passwords you've entered since the browser has been opened, entering a read password that is also a write password allows both reading and writing.

ページ、グループ、または、サイトのための複数のパスワードは、可能です。単純にスペースで区切られた複数のパスワードを入力してください。これは、読込みパスワード、書込みパスワード、を持つ事が可能で、書込みパスワードを持つことで、読み/書きアクセスが可能です。 言い換えれば、もし、読込みパスワードが

alpha

であり、編集パスワードが

beta

であれば、以下のように入力します。

Set new read password: alpha beta
Set new edit password: beta

これは、

alpha

beta

どちらもページを読むために使うことが出来るということですが、

beta

のみで編集できるでしょう。PmWiki がブラウザが開けられて以来の、入力したパスワードをチェックするので、entering a read password that is also a write password allows both reading and writing.

administrator

As an administrator ...

You can set passwords on pages and groups exactly as described above for authors. You can also:

  1. set site-wide passwords for pages and groups that do not have passwords
  2. use attr passwords to control who is able to set passwords on pages
  3. use upload passwords to control access to the file upload? capabilities (if uploads are enabled)
  4. use an admin password to override the passwords set for any individual page or group

For more information on password options available to administrators, see PasswordsAdmin?.

Which password wins?

In PmWiki, page passwords override group passwords, group passwords override the default passwords, and the admin password overrides all passwords. This gives a great deal of flexibility in controlling access to wiki pages in PmWiki.

Opening access to pages in protected groups/sites

Sometimes we want to "unprotect" pages in a group or site that is otherwise protected. In these cases, the special password

@nopass

is used to indicate that access should be allowed to a page without requiring a password.

For example, suppose Main.GroupAttributes has an edit password set, thus restricting the editing of all pages in Main. Now we want Main.WikiSandbox to be editable without a password. Using

clear

for the edit password for Main.WikiSandbox doesn't unprotect the page, because the password is being set by the group. Instead, we set the edit password for Main.WikiSandbox to the special value

@nopass

which tells PmWiki to ignore any site-wide or group-level passwords for that page.

<< | Documentation Index? | >>

How can I password protect all the pages and groups on my site? Do I really have to set passwords page by page, or group by group?

Administrators can set passwords for the entire site by editing the config.php file; they don't have to set passwords for each page or group. For example, to set the entire site to be editable only by those who know an "edit" password, an administrator can add a line like the following to local/config.php:

    $DefaultPasswords['edit'] = crypt('edit_password');

For more information about the password options that are available only to administrators, see PasswordsAdmin?.

I get http error 500 "Internal Server Error" when I try to log in. What's wrong?

This can happen if the encrypted passwords are not created on the web server that hosts the PmWiki.
The crypt function changed during the PHP development, e.g. a password encrypted with PHP 5.2 can not be decrypted in PHP 5.1, but PHP 5.2 can decrypt passwords created by PHP 5.1.
This situation normally happens if you prepare everything on your local machine with the latest PHP version and you upload the passwords to a webserver which is running an older version.
The same error occurs when you add encrypted passwords to local/config.php.

Solution: Create the passwords on the system with the oldest PHP version and use them on all other systems.

How can I create private groups for users, so that each user can edit pages in their group, but no one else (other than the admin) can?

Administrators can use the AuthUser recipe and add the following few lines to their local/config.php file to set this up:

    $group = FmtPageName('$Group', $pagename); 
$DefaultPasswords['edit'] = 'id:'.$group;
include_once("$FarmD/scripts/authuser.php");

This automatically gives edit rights to a group to every user who has the same user name as the group name.

How come when I switch to another wiki within a farm, I keep my same authorization?

PmWiki uses PHP sessions to keep track of authentication/authorization information, and by default PHP sets things up such that all interactions with the same server are considered part of the same session.

An easy way to fix this is to make sure each wiki is using a different cookie name for its session identifier. Near the top of one of the wiki's local/config.php files, before calling authuser or any other recipes, add a line like:

    session_name('XYZSESSID');

You can pick any alphanumeric name for XYZSESSID; for example, for the cs559-1 wiki you might choose

    session_name('CS559SESSID');

This will keep the two wikis' sessions independent of each other.