This is an old revision of the document!
Table of Contents
authremoteuser Plugin
Compatible with DokuWiki
Detritus, Elenor Of Tsort, Frusterick Manners, Greebo
Provides authentication via web server's REMOTE_USER environment variable which is set through authentication systems like HTTP-Auth, LDAP, CAS, Cosign, NTLM, PAM, WebAuth, SSPI, and so on
This extension has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues.
Similar to authclientcert
Description
This plugin allows integration with the web server's built-in authentication system via the REMOTE_USER
environment variable which is set through HTTP-Auth, LDAP, CAS, Cosign, NTLM, PAM, WebAuth, SSPI and so on. It uses the default plain text file conf/users.auth.php
to store user information.
Installation
- Enable an authentication system which sets REMOTE_USER (and disable anonymous authentication) on your web server.
- Search and install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.
Usage
- Determine your
REMOTE_USER
name:- Open
phpinfo.php
in your web browser and search for the value in_SERVER[“REMOTE_USER”]
- Add this value as new user ID to your user list if it is missing and add them groups
admin
anduser
. Don't be surprised: The user ID is converted to a valid pagename.
- In your DokuWiki login as superuser, click “Admin”, choose “Configuration Settings”, and configure these settings
- Disable action
profile
. - If enabled, disable option
subscribers
temporarily. - Enable
authtype
“authremoteuser”. - Disable
rememberme
. - Save this configuration
- Remove
DokuWiki
cookie from your browser or close and restart your browser. - Reload your DokuWiki installation. Your login should be automatically detected.
- Now, you can re-enable option
subscribers
again (see above). - Remove file
phpinfo.php
from your web server.
Copy the configuration settings to the conf/local.protected.php
file to protect the settings against changes via Config Manager.
Administration of users and its groups is done in the User manager, which is fully supported by this plugin.
Storage
authremoteuser
uses the same storage backend like authplain
that is conf/users.auth.php
. Users which are added after switching to authremoteuser
, won't contain an encrypted password.
That is: You can switch back to authplain
(and enable profile
setting) whenever you want, and all your users which were already added before are still able to login using their (hopefully yet known) password. All
other users can use the “forget my password” link.
File Format
Empty lines, and everything after a #
character are ignored. Each line contains a colon separated array of 5 fields loginname:password:Real Name:e-mail:groups
which are:
- Login name - This has to be a valid pagename
- Password - Encrypted password if user id was added using
authplain
, otherwise empty. - Real Name - Real name of the user
- E-Mail - Email address of user
- Groups - Comma separated list of groups a user is member of. The group names must follow the rules of valid pagenames.
Editing
Since conf/users.auth.php
is a plain text file, it can be edited with any text editor.
Development
Change Log
- 2016-03-29
Initial release