[Moin-user] Access Control List Clarification Needed

Thomas Waldmann tw at waldmann-edv.de
Thu Jul 31 03:23:03 EDT 2003

> My understanding is the ACL code in CVS and the current nightly
> tarballs is not yet usable, but waiting for the name/password login
> code. Correct?

Not quite.

Well, if you need a *password login screen*, you will have to wait until 
it's there (or use one of the patches on sourceforge and apply yourself).

But if some users on your system have an account and you can live with 
cookie based "authentication", you already can use ACLs right now.

In earlier days, you could create multiple accounts for the same 
username, but in recent cvs code this isn't possible any more. So a user 
can't get access to protected pages by just changing his username to 
someone else's.

But be careful: already existing "duplicate" accounts might be further 
used, so maybe clean up there before using ACLs.

Of course you also can use ACLs to differentiate between Known: and All: 
- these doesn't depend on authentication anyway. "Trusted:" will come 
after an auth system is in place.


More information about the Moin-user mailing list