Skip to topic
|
Skip to bottom
Jump:
TWiki
PyqPlayer
Download
Documentation
FAQs
Welcome
Register
TWiki Web
TWiki Web Home
Changes
Topics
Index
Search
Other TWiki Webs
Main
Sandbox
TWiki
Create
personal sidebar
Edit
Attach
Printable
TWiki.TWikiUserAuthentication
r1.19 - 15 Aug 2004 - 21:29 -
PeterThoeny
topic end
Start of topic |
Skip to actions
%TOC% %STARTINCLUDE% ---# TWiki User Authentication _TWiki site access control and user activity tracking options_ TWiki does not authenticate users internally, it depends on the =REMOTE_USER= environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol). TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity. ---++ Authentication Options No special installation steps are required if the server is already authenticated. If it isn't, you have these options for controlling user access: 1. *No login at all:* Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki mode. All visitors are assigned the %MAINWEB%.TWikiGuest default identity, so you can't track individual user activity. * *How:* Default, no web server configuration necessary 1. *No login to view; require login to edit:* Keeping track of who changed what and when, while keeping view access unrestricted is desirable in most TWiki deployments. This option is not suitable if you need TWikiAccessControl for view restricted content since TWiki does not know who a user is when looking at content. * *How:* Use Basic Authentication to control access by protecting key scripts: =attach=, =edit=, =installpasswd=, =manage=, =preview=, =rename=, =save=, =upload=. The TWikiInstallationGuide has step-by-step instructions. 1. *No login to view _unless necessary_; require login to edit:* You prefer not to bother the user with login for unrestricted content, but you need TWikiAccessControl for view restricted content. There are two ways to accomplish this: * *How 1:* Use Basic Authentication with Partial Authentication (described below) * *How 2:* Use one of the Session TWiki:Plugins where you give the user the option to login and logout. 1. *Require login to view and edit:* Most restrictive, but TWiki knows who the user is at all times. There are two ways to accomplish this: * *How 1:* Use Basic Authentication to authenticate the whole =twiki/bin= directory. Consult your web server documentation. * *How 1:* Use SSL (Secure Sockets Layer; HTTPS) to authenticate and secure the whole server. Consult your web server documentation. ---+++ Partial Authentication *Tracking by IP address* is an experimental feature, enabled in =lib/TWiki.cfg=. It lets you combine open access to some functions, with authentication on others, with full user activity tracking: * Normally, the ==REMOTE_USER== environment variable is set for the scripts that are under authentication. If, for example, the ==edit==, ==save== and ==preview== scripts are authenticated, but not ==view==, you would get your WikiName in ==preview== for the ==%<nop>WIKIUSERNAME%== variable, but ==view== will show ==TWikiGuest== instead of your <nop>WikiName. * TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts, like ==view==, will show the correct username instead of %MAINWEB%.TWikiGuest. * Enable this feature by setting the ==$doRememberRemoteUser== flag in =TWiki.cfg=. TWiki then persistently stores the IP address/username pairs in the file, =$remoteUserFilename=, which is ="$dataDir/remoteusers.txt"= by default. * Copy the =view= script to =viewauth= (or better, create a symbolic link) * Add =viewauth= to the list of authenticated scripts in the =twiki/bin/.htaccess= file. The =view= script should not be listed in the =.htaccess= file. * %X% This approach can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers. *Quick Authentication Test* - Use the %<nop>WIKIUSERNAME% variable to return your current identity: * You are %WIKIUSERNAME% ---++ TWiki Username vs. Login Username This section applies only if your TWiki site is installed on a server that is both *authenticated* and on an *intranet*. %WIKITOOLNAME% internally manages two usernames: Login Username and TWiki Username. * *Login Username:* When you login to the intranet, you use your existing login username, ex: ==pthoeny==. This name is normally passed to TWiki by the ==REMOTE_USER== environment variable, and used internally. Login Usernames are maintained by your system administrator. * *TWiki Username:* Your name in WikiNotation, ex: ==PeterThoeny==, is recorded when you register using TWikiRegistration; doing so also generates a personal home page in the %MAINWEB% web. TWiki can automatically map an Intranet (Login) Username to a TWiki Username, provided that the username pair exists in the %MAINWEB%.%WIKIUSERSTOPIC% topic. This is also handled automatically when you register. * %X% In the original TWiki distribution, in ==twiki/data==, there are two registration form topics, TWikiRegistration and TWikiRegistrationPub. The original form includes an intranet Login Username field. For Basic Authentication, the original form is replaced by the Pub version. If you started using TWiki on Basic Authentication and want to change, you have to switch back forms for future use, and manually correct the existing entries, by editing %MAINWEB%.%WIKIUSERSTOPIC%, adding the Login Username for each member - =PeterThoeny - pthoeny - 01 Jan 1999= - and also in the ==.htpasswd== file, where you can either replace the WikiNames or duplicate the entries and have both, so both usernames will work. <blockquote> __NOTE:__ *To correctly enter a WikiName* - your own or someone else's - be sure to include the %MAINWEB% web name in front of the Wiki username, followed by a period, and no spaces. Ex: <div align="center"> ==%MAINWEB%.<nop>WikiUsername== or ==%<nop>MAINWEB%.<nop>WikiUsername== </div> This points ==<nop>WikiUser== to the %WIKITOOLNAME%.%MAINWEB% web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic everywhere but in the %MAINWEB% web. </blockquote> #ChangingPasswords ---++ Changing Passwords Change and reset passwords using forms on regular pages. Use TWikiAccessControl to restrict use as required. * The ChangePassword form ( ==TWiki/ChangePassword== ): <blockquote style="background-color:#f5f5f5"> %INCLUDE{"ChangePassword"}% </blockquote> * The ResetPassword form ( ==TWiki/ResetPassword== ): <blockquote style="background-color:#f5f5f5"> %INCLUDE{"ResetPassword"}% </blockquote> -- TWiki:Main.MikeMannix - 19 May 2002 %BR% -- TWiki:Main.PeterThoeny - 25 Apr 2004 %STOPINCLUDE%
to top
End of topic
Skip to action links
|
Back to top
Edit
|
Attach image or document
|
Printable version
|
Raw text
|
More topic actions
Revisions: | r1.19 |
>
|
r1.18
|
>
|
r1.17
|
Total page history
|
Backlinks
You are here:
TWiki
>
TWikiUserAuthentication
to top
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki?
Send feedback
Project hosting provided by:
Donations welcome: