The only way to have a private ikiwiki, with a shared user database for static pages and CGI authentication, is to use httpauth. It would be good for httpauth to be on par with passwordauth, i.e. to allow registering users, resetting passwords, and changing passwords; supporting some kind of account_creation_password configuration option would be nice, too.

I'll probably propose patches implementing this at some point. I've not had a single look at the code yet, but it may be nice to factorize the relevant passwordauth code, instead of rewriting it completely in httpauth.

-- intrigeri

Well, on such a private wiki, one can neither register herself nor reset his password: the registration page, as any other page, would be forbidden to non-authenticated users. Admin users should then be enabled to:

  • register a new user
  • reset someone else's password

In both cases, a brand new random password is sent by e-mail to the new user.

An authenticated user should nevertheless be able to change his own password. -- intrigeri