diff options
author | MikeMannix <MikeMannix> | 2001-09-02 05:32:08 +0000 |
---|---|---|
committer | MikeMannix <MikeMannix> | 2001-09-02 05:32:08 +0000 |
commit | 717d6add2cbed2745c0fa7cae47bdb0a8269d3b9 (patch) | |
tree | fb5571ac7e510928272c891ee3d89a930036fa07 | |
parent | 6183c8092fd459f37a5f287b0532d6b6bbd80f31 (diff) |
none
-rw-r--r-- | TWiki/TWikiUserAuthentication.mdwn | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/TWiki/TWikiUserAuthentication.mdwn b/TWiki/TWikiUserAuthentication.mdwn index 8230795e..0bd49f1c 100644 --- a/TWiki/TWikiUserAuthentication.mdwn +++ b/TWiki/TWikiUserAuthentication.mdwn @@ -2,7 +2,11 @@ ## <a name="TWiki_User_Authentication"> TWiki User Authentication </a> -TWiki does not authenticate users internally, it depends on the <code>**REMOTE\_USER**</code> environment variable. This variable is set when you enable basic authentication or authentication via SSL (https protocol). +Controlling TWiki site access and logging authorized user activity + +### <a name="Overview"> Overview </a> + +TWiki does not authenticate users internally, it depends on the <code>**REMOTE\_USER**</code> environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol). TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity. @@ -10,15 +14,15 @@ TWiki uses visitor identification to keep track of who made changes to topics at No special installation steps need to be performed if the server is already authenticated. If not, you have three remaining options to controlling user access: -1. **Forget about authentication.** All changes are registered to %MAINWEB%.TWikiGuest user, so you can't tell who made changes. Your site is completely open and public. -2. **Use Basic Authentication** for the <code>**edit**</code> and <code>**attach**</code> scripts. This uses .htaccess and generates the familiar grey log-in window. [[TWikiDocumentation]] has more. +1. **Forget about authentication.** All changes are registered to %MAINWEB%.TWikiGuest user, so you can't tell who made changes. Your site is completely open and public - anyone can browse and edit freely, in classic Wiki mode.<br /> +2. **Use Basic Authentication** for the <code>**edit**</code> and <code>**attach**</code> scripts. This uses .htaccess and generates the familiar grey log-in window. The [[TWikiDocumentation]] has step-by-step instructions.<br /> 3. **Use SSL** to authenticate and secure the whole server. ### <a name="Tracking_by_IP_Address"> Tracking by IP Address </a> The <code>**REMOTE\_USER**</code> environment variable is only set for the scripts that are under authentication. If, for example, the <code>**edit**</code>, <code>**save**</code> and <code>**preview**</code> scripts are authenticated, but not <code>**view**</code>, you would get your [[WikiName]] in <code>**preview**</code> for the <code>**%WIKIUSERNAME%**</code> variable, but <code>**view**</code> will show <code>**TWikiGuest**</code> instead of your WikiName. -There is a way to tell TWiki to remember the user for the scripts that are not authenticated, ex: in case the <code>**REMOTE\_USER**</code> environment variable is not set. TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts like <code>**view**</code> will show the correct username instead of <code>**TWikiGuest**</code>. You can enable this by setting the <code>**$doRememberRemoteUser**</code> flag in <code>**TWiki.cfg**</code>. TWiki persistently stores the IP address / username pairs in file <code>**$remoteUserFilename**</code>, which is <code>**"$dataDir/remoteusers.txt"**</code> by default. Please note that this can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers. +There is a way to tell TWiki to remember the user for the scripts that are not authenticated, ex: in case the <code>**REMOTE\_USER**</code> environment variable is not set. TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts like <code>**view**</code> will show the correct username instead of <code>**TWikiGuest**</code>. You can enable this by setting the <code>**$doRememberRemoteUser**</code> flag in <code>**TWiki.cfg**</code>. TWiki persistently stores the IP address/username pairs in the file <code>**$remoteUserFilename**</code>, which is <code>**"$dataDir/remoteusers.txt"**</code> by default. Please note that this can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers. **Authentication Test:** You are %WIKIUSERNAME% (%WIKIUSERNAME%) @@ -33,11 +37,15 @@ This section applies only if your %WIKITOOLNAME% is installed on a server that i %WIKITOOLNAME% can automatically map an intranet username to a TWiki username, provided that the username pair exists in the %MAINWEB%.%WIKIUSERSTOPIC% topic. This is also handled automatically when you register. -> **_NOTE:_** +> **NOTE:** +> +> \*To correctly enter a +> +> > -> **To correctly enter a [[WikiName]]** +> [[WikiName]] > -> - your own or someone else's - be sure to include the %MAINWEB% web name in front of the Wiki username, followed by a period, and no spaces. Ex: +> \* - your own or someone else's - be sure to include the %MAINWEB% web name in front of the Wiki username, followed by a period, and no spaces. Ex: > > <div> > <center><code><b>%MAINWEB%.<nop>WikiUsername</nop></b></code> or <code><b>%<nop>MAINWEB%.<nop>WikiUsername</nop></nop></b></code></center> |