Ikiwiki is static, so access control for viewing the wiki must be implemented on the web server side. Managing wiki users and access together, we can currently
- use httpauth, but some passwordauth functionnality is missing;
- use passwordauth plus an Apache
mod perlauthentication mechanism, but this is Apache-centric and enabling
mod_perljust for auth seems overkill.
Moreover, when ikiwiki is just a part of a wider web project, we may want to use the same userdb for the other parts of this project.
I think an ikiwiki plugin which would (re)generate an htpasswd version of the user/passwd base (better, two htpasswd files, one with only the wiki admins and one with everyone) each time an user is added or modified would solve this problem:
- access control can be managed from the web server
- user management is handled by the passwordauth plugin
- htpasswd format is understood by various servers (Apache, lighttpd, nginx, ...) and languages commonly used for web development (perl, python, ruby)
- htpasswd files can be mirrored on other machines when the web site is distributed
I think this is a good idea. Although unless the password hashes that are stored in the userdb are compatible with htpasswd hashes, the htpasswd hashes will need to be stored in the userdb too. Then any userdb change can just regenerate the htpasswd file, dumping out the right kind of hashes. --Joey