httpauth_feature_parity_with_passwordauth: a bit more thinking

Signed-off-by: intrigeri <intrigeri@boum.org>

1 files changed, 19 insertions, 2 deletions

diff --git a/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn b/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn
index 8a338ece1..eb71cf840 100644
--- a/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn
+++ b/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn
@@ -1,5 +1,8 @@
-The only way to have a private ikiwiki, with a shared user database for static pages and CGI authentication, is to use [[plugins/httpauth]]. It would be good for httpauth to be on par with [[plugins/passwordauth]],
-i.e. to allow registering users, resetting passwords, and changing passwords; supporting some kind of
+The only way to have a private ikiwiki, with a shared user database
+for static pages and CGI authentication, is to use
+[[plugins/httpauth]]. It would be good for httpauth to be on par with
+[[plugins/passwordauth]], i.e. to allow registering users, resetting
+passwords, and changing passwords; supporting some kind of
 `account_creation_password` configuration option would be nice, too.
 
 I'll probably propose patches implementing this at some point.
@@ -8,4 +11,18 @@ the relevant passwordauth code, instead of rewriting it completely in httpauth.
 
 -- [[intrigeri]]
 
+Well, on such a private wiki, one can neither register herself nor
+reset his password: the registration page, as any other page, would be
+forbidden to non-authenticated users. Admin users should then be
+enabled to:
+
+- register a new user
+- reset someone else's password
+
+In both cases, a brand new random password is sent by e-mail to the
+new user.
+
+An authenticated user should nevertheless be able to change his
+own password. -- [[intrigeri]]
+
 [[wishlist]]