From e81c59748e923137e769be675424213061858cad Mon Sep 17 00:00:00 2001 From: intrigeri Date: Tue, 23 Dec 2008 00:13:12 +0100 Subject: httpauth_feature_parity_with_passwordauth: a bit more thinking Signed-off-by: intrigeri --- .../httpauth_feature_parity_with_passwordauth.mdwn | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn b/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn index 8a338ece1..eb71cf840 100644 --- a/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn +++ b/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn @@ -1,5 +1,8 @@ -The only way to have a private ikiwiki, with a shared user database for static pages and CGI authentication, is to use [[plugins/httpauth]]. It would be good for httpauth to be on par with [[plugins/passwordauth]], -i.e. to allow registering users, resetting passwords, and changing passwords; supporting some kind of +The only way to have a private ikiwiki, with a shared user database +for static pages and CGI authentication, is to use +[[plugins/httpauth]]. It would be good for httpauth to be on par with +[[plugins/passwordauth]], i.e. to allow registering users, resetting +passwords, and changing passwords; supporting some kind of `account_creation_password` configuration option would be nice, too. I'll probably propose patches implementing this at some point. @@ -8,4 +11,18 @@ the relevant passwordauth code, instead of rewriting it completely in httpauth. -- [[intrigeri]] +Well, on such a private wiki, one can neither register herself nor +reset his password: the registration page, as any other page, would be +forbidden to non-authenticated users. Admin users should then be +enabled to: + +- register a new user +- reset someone else's password + +In both cases, a brand new random password is sent by e-mail to the +new user. + +An authenticated user should nevertheless be able to change his +own password. -- [[intrigeri]] + [[wishlist]] -- cgit v1.2.3