summaryrefslogtreecommitdiff
path: root/doc/todo/httpauth_feature_parity_with_passwordauth.mdwn
blob: eb71cf840770b885e024f773567166a6a41a7e7c (plain)

The only way to have a private ikiwiki, with a shared user database for static pages and CGI authentication, is to use [[plugins/httpauth]]. It would be good for httpauth to be on par with [[plugins/passwordauth]], i.e. to allow registering users, resetting passwords, and changing passwords; supporting some kind of account_creation_password configuration option would be nice, too.

I'll probably propose patches implementing this at some point. I've not had a single look at the code yet, but it may be nice to factorize the relevant passwordauth code, instead of rewriting it completely in httpauth.

-- [[intrigeri]]

Well, on such a private wiki, one can neither register herself nor reset his password: the registration page, as any other page, would be forbidden to non-authenticated users. Admin users should then be enabled to:

  • register a new user
  • reset someone else's password

In both cases, a brand new random password is sent by e-mail to the new user.

An authenticated user should nevertheless be able to change his own password. -- [[intrigeri]]

[[wishlist]]