Authentication Backends

After you have enabled ACL in the config file you need to decide how you like to store user data. DokuWiki supports various methods and creating a new one is pretty easy.

DokuWiki uses so called authentication backends that provide certain methods to store user data and passwords. The user won't even see this backend but you as an administrator have to set up your desired authentication backend and configure it properly.

If the available backends does not fulfill the requirements, you can create your own backend. For details see How to write an Authentication Backend?

These are the backends you get with DokuWiki:

• ad – Active Directory authentication with optional Single Sign On (SSO)
• ldap – authenticate users against a LDAP directory
• mysql – access any MySQL database to authenticate users
• pgsql – access any Postgres database to authenticate users
• plain – the default mechanisms which uses plain text files

These Backends aren't part of the distribution, but might be useful:

• Ban – More secure login with ban option (rewritten plain.auth.php)
• CAS – authenticate with a CAS server
• cas – another CAS authentication with ACL based on LDAP attributes
• chained – chain more than one authentication method
• cosign – CoSign authentication for Single Sign On (SSO)
• django – Authenticates against a Django user database through a Django session cookie.
• Eventum – How to integrate DokuWiki with Eventum Issue Tracker
• drupal – authenticate against a Drupal install
• external – Authentication through an external program – to be used with PAM & shadow passwords
• gforge – Authenticate against GForge session cookies
• ggauth – experimental thoughts on auth backends including chained, split as below plus HTTP basic, htaccess and PAM
• htaccessauth – identify users that already logged in using a Basic HTTP Authorization through .htaccess
• imap – authenticate users against an IMAP/POP3 server
• imap – Another (awesome) IMAP authentication backend
• keeyaiwp – SSO with Wordpress
• ldap_local – LDAP authentication with local (plain text) ACLs
• lemonldap – authenticate users through a LemonLDAP SSO
• mod_auth_tkt – mod_auth_tkt authentication
• motp – basically like the plain backend but with added checks for Mobile-OTP tokens
• mybb – authentication using the MyBB forum software
• ning – Ning ID authentication
• ntlm – NTLM (i.e. Windows NT-based) authentication
• pam – Experimental PAM authentication
• cafu_phpbb3 – authenticate users against a PHPBB3 forum
• phpbb3 – authenticate users against a PHPBB3.0.x forum - another take on the matter
• plainplus – extension to plaintext to limit bad password attempts and set expirations to passwords
• punbb – authenticate users against the PunBB forum (uses PunBB's cookies and database for SSO)
• radius – authenticate users against a RADIUS server
• shibauth – Shibboleth Authentication Backend
• split – delegate login to one auth backend and groups management to another
• smartcard – use SmartCard for login (client certificate, developed for Estonian ID card). Supports multiple backends (plain, mysql and so on).
• ssp – SimpleSAMLphp authentication backend
• sympa auth – Authenticate using sympa over SOAP
• xmpp – authenticate users against an XMPP/Jabber server
• yubikey – Extension to the paintext auth module to allow use of a YubiKey OTP as the password
• dokudrupal – Drupal 7 authentication backend.
• Ucenter – Discuz Ucenter Authentication backend.
• Joomla 1.5 – Joomla 1.5 Authentication backend.

How to implement a new auth backend is described in the HOWTO.

• fblogin – Use Facebook as an authentication authority for your DokuWiki site
• openid – lets register with an OpenID URL; lets already registered users add OpenID URLs to their profiles and then use OpenID to login.
• virtualgroup – allows to assign groups to a user independently from the authn/authz-Backend.

Some relevant tips related to authentication backends

• commonlogin – Sharing authentication data between wikis on the same server
• .htaccess authentication – Use .htaccess authentication instead of the login form
• .htaccess authentication 2 – As above with support for UserManager
• HTTP-Auth Passthru – Adding http-auth-functionality to your existing ACL-setup
• Chained Authentication – Use a sequence of authentication backends (e.g. LDAP then plain )
• usermanager and chained auth – Manage each authentication method used by the chained method through the usermanager
• Separate Admin Login – Use a special admin login, which cannot read or edit pages
• list of integrations in other software – explaining integration with other software, often authentication included.
• Change user name after authentication – Change the username after authentication (e.g. you want to allow login via a unique id that could change sometime (e.g. email address), but use another unmodifiable unique id as permanent identifier in Dokuwiki)