| |
TWiki User Authentication |
| | Authentication Options |
|
<
< | No special installation steps need to be performed if the server is already authenticated. If not, you have three remaining options to controlling user access:
- Forget about authentication. All changes are registered to TWikiGuest user, so you can't tell who made changes. Your site is completely open and public - anyone can browse and edit freely, in classic Wiki mode.
- Use Basic Authentication for the
edit and attach scripts. This uses .htaccess and generates the familiar grey log-in window. The TWiki Installation Guide has step-by-step instructions.
- Use SSL to authenticate and secure the whole server.
|
>
> | No special installation steps need to be performed if the server is already authenticated. If not, you have three standard options for controlling user access:
- Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki mode. All visitors are assigned the TWikiGuest default identity, so you can't track individual user activity.
- Use SSL (Secure Sockets Layer; HTTPS) to authenticate and secure the whole server.
- Use Basic Authentication (HTAccess) to control access by protecting key scripts:
attach, edit=, installpasswd, password, preview, rename, save, upload, view, viewfile using .htaccess files. The TWiki Installation Guide has step-by-step instructions.
|
| | |
|
<
< | Tracking by IP Address |
>
> | Partial Authentication |
| | |
|
<
< | The REMOTE_USER environment variable is only set for the scripts that are under authentication. If, for example, the edit, save and preview scripts are authenticated, but not view, you would get your WikiName in preview for the %WIKIUSERNAME% variable, but view will show TWikiGuest instead of your WikiName. |
>
> | Tracking by IP address is an experimental feature, enabled in lib/TWiki.cfg. It lets you combine open access to some functions, with authentication on others, with full user activity tracking: |
| | |
|
<
< | There is a way to tell TWiki to remember the user for the scripts that are not authenticated, ex: in case the REMOTE_USER environment variable is not set. TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts like view will show the correct username instead of TWikiGuest. You can enable this by setting the $doRememberRemoteUser flag in TWiki.cfg. TWiki persistently stores the IP address/username pairs in the file $remoteUserFilename, which is "$dataDir/remoteusers.txt" by default. Please note that this can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers. |
>
> |
- Normally, the
REMOTE_USER environment variable is set for the scripts that are under authentication. If, for example, the edit, save and preview scripts are authenticated, but not view, you would get your WikiName in preview for the %WIKIUSERNAME% variable, but view will show TWikiGuest instead of your WikiName.
|
| | |
|
<
< | Authentication Test: You are TWikiGuest (%WIKIUSERNAME%) |
>
> |
- TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts, like
view, will show the correct username instead of TWikiGuest.
- Enable this feature by setting the
$doRememberRemoteUser flag in TWiki.cfg. TWiki then persistently stores the IP address/username pairs in the file, $remoteUserFilename, which is "$dataDir/remoteusers.txt" by default.
- NOTE: This approach can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers.
Quick Authentication Test - Use the %WIKIUSERNAME% variable to return your current identity:
|
| | TWiki Username vs. Login Username |
| | TWiki can automatically map an intranet username to a TWiki username, provided that the username pair exists in the TWikiUsers topic. This is also handled automatically when you register.
|
|
<
< | NOTE: To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces. Ex: |
>
> | NOTE: To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces. Ex: |
| | Main.WikiUsername or %MAINWEB%.WikiUsername
This points WikiUser to the TWiki.Main web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic? everywhere but in the Main web.
|
| |
Changing Passwords |
|
<
< | Change and reset passwords using forms on regular pages. Use topic-level TWikiAccessControl to restrict use as required. |
>
> | Change and reset passwords using forms on regular pages. Use TWikiAccessControl to restrict use as required. |
| | |
|
<
< | |
>
> | |
| |
Forgotten your password? Use ResetPassword instead.
|
|
<
< | |
>
> | |
| |
Remember your password? Use ChangePassword instead. Otherwise, use this form to get a new one e-mailed to you.
|
If you have any questions, please contact