Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Dave F on October 30, 2003, 05:27:07 PM

Title: Twiki and authenticated user access
Post by: Dave F on October 30, 2003, 05:27:07 PM

I have successfully installed Twiki on my 5.6 U5 server.  I am impressed with it and would very much like to authenticate and limit to some extent users ability to edit/view pages (I know this is against the grain of twiki philosophy!) I am with a medical practice and it would be great to post medical information that only specific, authenticated users could edit and/or view.

The twiki documentation states to implement .htaccess for authentication, however, after reviewing the postings here I understand e-smith doesn't use the .htaccess file.  

Has anyone been successful in implementing Twiki authentication of users on an e-smith 5.6 U5 server?  I can't seem to figure this out - I'm not looking for integration with the e-smith ldap, although that would be the "holy grail".

Dave

Title: Re: Twiki and authenticated user access
Post by: Guck Puppy on October 30, 2003, 09:45:49 PM

Dave F wrote:
> The twiki documentation states to implement .htaccess for
> authentication, however, after reviewing the postings here I
> understand e-smith doesn't use the .htaccess file.

It doesn't, but it can. If you can live with the command line, you can add users as you see fit.

There is a howto for .htaccess here:

http://www.ibiblio.org/pub/linux/distributions/e-smith/contrib/ThorAnthrax/mirror/htaccess.html

and the files (which are usually on nightspirit/Thor Anthrax's server, which appears to be undergoing some updating) can be found here :

http://mirror.contribs.org/smeserver/contribs/star/mitel/contrib/htaccess/

> I'm not looking for integration
> with the e-smith ldap, although that would be the "holy grail".

Indeed, but I know that the ldap database cannot be used for authentication - it has no password information in it!

G

Title: Re: Twiki and authenticated user access
Post by: Maggard on November 04, 2003, 12:50:43 AM

Dave F wrote:
>
> I am
> with a medical practice and it would be great to post medical
> information that only specific, authenticated users could
> edit and/or view.

Not to tell you your business but unless you *really* know what you're doing, are assured of keeping on top of this, and have all of the proper auditing and data retention policies in place (think "for years from now") you're running a massive risk in the US with HIPPA compliance. It sounds like a great idea, but run it past your lawyers & insurance carrier before firing it up and putting patient info on it.