PmWiki has built-in support for password-protecting various areas of the wiki site. Passwords can be applied to individual pages, to Wiki Groups, or to the entire wiki site. Note that the password protection mechanisms described here are only a small part of overall system (and wiki) security; see PmWiki.Security for more discussion of this.
Authors can use PmWiki to add passwords to individual pages and WikiGroups as described in PmWiki.Passwords. However, WikiAdministrators can also set passwords in local customization files as described below.
PmWiki supports several levels of access to wiki pages:
if uploads are enabled,
Finally, there is an
By default, PmWiki has the following password settings:
See Passwords for information about setting per-page and per-group passwords. The remainder of this page describes setting site-wide passwords from the local/config.php file.
Setting site-wide passwords
One of the first things an admin should do is set an admin password, for example:
$DefaultPasswords['admin'] = crypt('secret_password');
Note that the crypt() call is required: PmWiki never stores or compares cleartext passwords. It keeps the one-way hash string that crypt() returns and checks a submitted password by recomputing crypt() against that stored string. Because crypt('secret_password') is evaluated every time config.php is loaded, the cleartext password still sits on disk in the configuration file; see the crypt section below for how to store only the hash.
To set the entire site to be editable only by those who know an "edit" password, add a line like the following to local/config.php:
$DefaultPasswords['edit'] = crypt('edit_password');
Similarly, you can set a "read" password, and more than one password can be accepted for a given level by using an array:
$DefaultPasswords['read'] = array(crypt('alpha'), crypt('beta'));
$DefaultPasswords['edit'] = crypt('beta');
This says that either "alpha" or "beta" can be used to read pages, but only the "beta" password will allow someone to edit a page. Since PmWiki remembers any passwords entered during the current session and re-checks them against each level, the "beta" password allows both reading and editing, while the "alpha" password allows reading only. A person without either password would be unable to view pages at all.
Unlike many systems that control access to pages by identity (a separate username and password for each person), PmWiki defaults to the shared-password scheme described above. Password-based schemes are often easier to maintain because they avoid the administrative overhead of creating user accounts, recovering lost passwords, and mapping usernames to permitted actions; the trade-off is that a shared password cannot be tied to an individual and must be changed everywhere whenever one holder leaves or leaks it.
However, PmWiki's authuser.php script augments the password-based system to allow access to pages based on a username and password combination. See AuthUser for more details on controlling access to pages based on user identity.
One drawback to calling crypt() directly in config.php is that the cleartext password is written into the file, so anyone able to read the file (other site administrators, a backup, a misconfigured web server that serves .php source) can see it. For example, if config.php contains
$DefaultPasswords['admin'] = crypt('mysecret');
then the "mysecret" password is in plain text for others to see. However, a wiki administrator can obtain and use an encrypted form of the password directly by using
The string returned from
$DefaultPasswords['admin'] = '$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1';
Note that in the encrypted form the crypt keyword and parentheses are removed, since the value is already a hash and PmWiki uses it as-is. Also, the hash must be in single quotes: it contains '$' characters, which PHP would try to interpolate as variables inside double quotes, silently producing a different string that no password matches. In this example the password is still "mysecret".
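The following command-line script is an added example (not part of PmWiki) that produces the hashed form for any of the $DefaultPasswords levels discussed above, so that the cleartext never has to be written into config.php. It assumes PHP 7 or later and that PmWiki verifies a password the way this page describes, by recomputing crypt() with the stored hash as the salt and comparing the result; the function names pmwikiHash, pmwikiVerify and configLine are this example's own. It uses SHA-512 crypt ($6$) rather than the MD5 crypt ($1$) shown in the page's example, because PHP's crypt() can recompute either and the former is considerably slower to brute-force.

```php
<?php
// mkpmpass.php: added example, not PmWiki code. Prints a
// $DefaultPasswords line containing only the crypt() hash.

// Build a SHA-512 crypt hash ($6$rounds=N$salt$...) with a random salt.
// Any format PHP's crypt() can recompute works for PmWiki, because the
// check is crypt($candidate, $stored) compared against $stored.
function pmwikiHash(string $password, int $rounds = 100000): string {
    // 16 characters from the crypt salt alphabet [./0-9A-Za-z]
    $alphabet = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $salt = '';
    for ($i = 0; $i < 16; $i++) {
        $salt .= $alphabet[random_int(0, 63)];
    }
    $hash = crypt($password, '$6$rounds=' . $rounds . '$' . $salt . '$');
    if (strlen($hash) < 13) {   // crypt() returns '*0' or '*1' on failure
        throw new RuntimeException('crypt() failed; SHA-512 crypt unavailable');
    }
    return $hash;
}

// Verify the way the page describes PmWiki doing it (assumption): re-run
// crypt() with the stored hash as the salt and compare in constant time.
function pmwikiVerify(string $candidate, string $stored): bool {
    $recomputed = crypt($candidate, $stored);
    return strlen($recomputed) >= 13 && hash_equals($stored, $recomputed);
}

// A line ready to paste into local/config.php. Single quotes are required:
// the hash contains '$', which PHP would interpolate inside double quotes.
function configLine(string $level, string $hash): string {
    return "\$DefaultPasswords['" . $level . "'] = '" . $hash . "';";
}

if (PHP_SAPI === 'cli' && isset($argv) && realpath($argv[0]) === __FILE__) {
    $level = $argv[1] ?? 'admin';          // admin, edit, read, upload, ...
    fwrite(STDERR, "Password for '$level': ");
    // Read from stdin rather than argv so the cleartext stays out of shell history
    $password = rtrim((string)fgets(STDIN), "\r\n");
    $hash = pmwikiHash($password);
    if (!pmwikiVerify($password, $hash)) {
        fwrite(STDERR, "self-check failed\n");
        exit(1);
    }
    echo configLine($level, $hash), PHP_EOL;
}
```

Run it as `php mkpmpass.php admin`, type the password, and paste the printed line into local/config.php. The self-check before printing guards against a PHP build whose crypt() lacks SHA-512 support; on such a build the script exits non-zero instead of emitting an unusable hash.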
To remove a site password entirely, such as the default locked password for uploads, just set it to empty:
$DefaultPasswords['upload'] = '';
You can also use the special password "nopass" (defined by the $AllowPassword variable) via
Revoking or invalidating passwords
If a password is compromised and the wiki administrator wants to quickly invalidate all uses of that password on a site, a quick solution is the following in local/config.php:
$ForbiddenPasswords = array('secret', 'tanstaafl');
if (isset($_POST['authpw']) && in_array($_POST['authpw'], $ForbiddenPasswords, true))
    unset($_POST['authpw']);
This prevents "secret" and "tanstaafl" from ever being accepted as a valid authorization password, regardless of which pages or groups still carry their hashes in their attributes. Two caveats: the list holds the revoked passwords in cleartext, so config.php now reveals them to anyone who can read it; and the check only intercepts passwords as they are submitted, so the affected page, group, and site passwords should still be changed rather than relying on the block alone.
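A variant of the revocation snippet above, added here as an example rather than taken from PmWiki, keeps only hashes of the revoked passwords in config.php so that the file does not disclose them. It assumes PHP 7 or later and the same verification rule as elsewhere on this page (recompute crypt() with the stored hash as salt); $ForbiddenPasswordHashes and pmwikiIsForbidden are this example's own names. The first array entry is the page's own sample hash of "mysecret"; add further hashes generated with crypt() offline.

```php
<?php
// Added example for local/config.php: block compromised passwords without
// storing them in cleartext. Neither name below is defined by PmWiki.

// Hashes of revoked passwords. Generate each once, offline, e.g.
//   php -r 'echo crypt("secret", "\$1\$" . bin2hex(random_bytes(4)) . "\$"), "\n";'
// The entry below is the sample hash from this page (password "mysecret").
$ForbiddenPasswordHashes = array(
    '$1$hMMhCdfT$mZSCh.BJOidMRn4SOUUSi1',
);

// True if $candidate matches any revoked hash. Each entry costs one crypt()
// per request that submits a password, so keep the list short or use a
// cheap crypt format ($1$) for it; the real site passwords can stay stronger.
function pmwikiIsForbidden(string $candidate, array $forbiddenHashes): bool {
    foreach ($forbiddenHashes as $hash) {
        // Same check PmWiki applies (assumption): recompute with the stored
        // hash as salt and compare in constant time.
        $recomputed = crypt($candidate, $hash);
        if (strlen($recomputed) >= 13 && hash_equals($hash, $recomputed)) {
            return true;
        }
    }
    return false;
}

if (isset($_POST['authpw']) && is_string($_POST['authpw'])
    && pmwikiIsForbidden($_POST['authpw'], $ForbiddenPasswordHashes)) {
    // Record the attempt without the password itself, then drop the field so
    // PmWiki's authentication code never sees it.
    error_log('PmWiki: revoked password submitted from '
        . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    unset($_POST['authpw']);
}
```

As with the cleartext version, this only filters passwords at submission time; sessions that authenticated with the password before the change are not logged out by it, so the compromised page, group and site passwords should still be replaced.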