It's not about that anyone can edit, but that you
can properly
contribute
edits to the right person.
if you expect that your users sniff passwords of other users, then use
them
to impersonate them and fake content in their name, you got bigger
issues
than to worry about login or not to your wiki.
There is a certain trust you have to give your users.
Just because you trust your users doesn't mean you should EVER pass
username/password combos in the clear.
You should always assume there is a hostile on your network waiting for
someone with domain admin privileges to pass a username/password in the
clear.
Using HTTPS is so simple that there is never a reason not to use it to
protect credentials. If the user doesn't want to pay for a real cert, he
can create his own internal CA, and push out the CA cert to his clients
to trust.
To be a little more on topic though... Doesn't apache have an NTLM
authentication module? I usually shy away from NTLM since I have a
diverse network, but if all of the people authenticating will be coming
from the same domain (and all of them are windows clients), it would
probably be a good idea, and might not require https.
V/r,
Ryan Lane