|
TWiki User Authentication |
| You can select your chosen login through the Security Settings pane in the configure interface. |
|
< < | No Login |
> > | No Login (select none in configure) |
| Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity, so you can't track individual user activity.
Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to the TWikiAdminGroup. |
|
< < | Template Login |
> > | Template Login (select TWiki::Client::TemplateLogin in configure) |
| Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out.
Enabling Template Login
- Use the
configure interface to
|
|
< < |
-
- enable the
TemplateLogin login manager (on the Security Settings pane).
|
> > |
-
- select the
TWiki::Client::TemplateLogin login manager (on the Security Settings pane).
|
|
-
- select the appropriate password manager for your system, or provide your own.
- Register yourself in the TWikiRegistration topic.
|
|
< < | Check that the password manager recongises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file. |
> > | Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file. |
|
- Create a new topic to check if authentication works.
- Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.
This is a very important step, as users in this group can access all topics, independent of TWiki access controls.
|
| You can customize the default user home page in NewUserTemplate. The same variables get expanded as in the template topics |
|
< < | Apache Login |
> > | Apache Login (select TWiki::Client::ApacheLogin in configure) |
| Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver. |
| The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support. This allows the TWiki registration support to maintain usernames and passwords. |
|
> > | Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file. |
| Enabling Apache Login using mod_auth
You can use any other Apache authentication module that sets REMOTE_USER. |
|
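Review bot: The added warning about the Apache htpasswd program says what to avoid but not what to use instead. The line just above it already states that the TWiki registration support maintains usernames and passwords in this file, so the warning should point administrators to that route for adding users and changing passwords. As written, an administrator who needs to reset a password is left to edit .htpasswd by hand or to run htpasswd anyway and lose the email addresses in the info fields.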
< < |
- Use configure to select the
ApacheLogin login manager.
|
> > |
- Use configure to select the
TWiki::Client::ApacheLogin login manager.
|
|
- Use configure to set up TWiki to create the right kind of
.htpasswd entries.
- Create a
.htaccess file in the twiki/bin directory. There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what need to be done. If you got it right, the browser should now ask for login name and password when you click on the Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support) At this time TWikiAccessControls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access
|
| |
|
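Review bot: In the unchanged .htaccess step that follows the renamed login manager, the caveat about the pub area is buried at the end of a long run-on paragraph and has no closing full stop. That caveat is that TWikiAccessControls do not control access to files in the pub area unless they are only accessed through the viewfile script. It is the security-relevant part of the step, so while this list is being edited it should be split out as its own note. The same step also recommends "AllowOverride All" without saying which directives the .htaccess template needs, which would be worth stating.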
> > | Note that you cannot override access controls preferences this way. |
| Cookies and Transparent Session IDs
TWiki normally uses cookies to store session information on a client computer. Cookies are a common way to pass session information from client to server. TWiki cookies simply hold a unique session identifier that is used to look up a database of session information on the TWiki server. |
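Review bot: "this way" in the note added just above the Cookies heading has no clear antecedent. The text before it covers the .htaccess file in twiki/bin, AllowOverride in httpd.conf, and .htaccess files in the pub directory, followed by an empty cell, so a reader cannot tell which mechanism is said not to override access control preferences. Name the mechanism in the sentence itself, for example "Note that you cannot override access controls preferences by ...", and place the note directly after the text it qualifies.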