Table of Contents
How to share authentication data between several wikis on the same server
Consider the following scenario: You want to have several wikis on the same server and your users only want to login once. For this single-sign-on scenario to work you have to do the following things:
- Change the definition of
DOKU_COOKIEin inc/init.php to something that is the same on all instances, for example
DOKU_COOKIEis the name of the cookie that is set after a user logs in. In a standard DokuWiki installation it's a hash of the full URL (including the path).
- In the two
'/'. This ensures that only one cookie is sent to all instances on the server.
- The contents of the file
data/meta/_htcookiesaltmust be the same on all instances. The file gets created when a user first logs in, after that, the content stays the same.
- To share the user information, declare one Wiki as the “master” wiki. The file
conf/users.auth.phpin the “slave” wikis must be a hard link to this file in the “master” wiki. If you have a similar namespace structure or don't need complex ACL setups, you can also share the file
There are many other common login feasible like LDAP and Active Directory just search and install
The original instructions said in Step 4, “The file
conf/users.auth.php in the “slave” wikis must be a symlink to this file in the “master” wiki.” When I tried using a symbolic link, I got the error messages,
! User authentication is temporarily unavailable. If this situation persists, please inform your Wiki Admin. ! No ACL setup yet! Denying access to everyone.
I made sure the link was not read-only, and that the permissions were the same as those on a working installation, in particular that the Internet Guest Account has Read and Write permissions. When I used a hard link, the set-up worked as advertised. I have changed the instructions accordingly, even though I don't understand what is going on. –Art Carlson, Max Planck Institute of Biochemistry, Munich, Germany
Explanation of Symlink Problem
The reason why symlinks don't work for some users, but do work for others, is that not all web server configs will support following symbolic links. Supporting symbolic links can open up some security problems, so turning off that protection isn't a swell idea