Jon Wickström wrote: > Q: What authentication module should I use? Minumum is allowing user > to change own password, selfregistering is preferred. Probable needed > security levels are admin, logged in user can edit, not logged in > users can read. I don't want to use a database or external source for > the authentication. > > AuthUser is built in, but does not quite take me all the way. Minimum > requirement is for the user to be able to change their own password.
HtpasswdForm allows users to change their password and to self-register but without mail confirmation. Currently I'm using HtpasswdForm, but if a user forgets his password, I have to reset it manually. No problem for me since there are not too many users. Iwould be nice to see something like HtpasswdForm with confirming a valid mail address (via web link) and maybe "forgot password" support (via email). A logging function to catch unused accounts would also be interesting, but this seems to be so simple that I could do it myself. > AuthUserSignup seems to have signup and password changeing. And it is > built on AuthUser? Stable. Is it supported? it is way too complicated for me to understand and therefore to judge whether it is a security risk. AuthUser with HtpasswdForm is simple, there is little risk that something goes wrong and I can do some maintenance if necessary. Oliver _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
