summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMikeMannix <MikeMannix>2001-08-29 15:20:37 +0000
committerMikeMannix <MikeMannix>2001-08-29 15:20:37 +0000
commite7301562e3de93f9fa1973120fff795a7c0aa780 (patch)
tree123ab1a850fa61be39657970f5338742acbd6247
parent06f73a1cbdab2304e3f1bf0c1f7664f5e0a42abd (diff)
none
-rw-r--r--TWiki/TWikiUserAuthentication.mdwn59
1 files changed, 49 insertions, 10 deletions
diff --git a/TWiki/TWikiUserAuthentication.mdwn b/TWiki/TWikiUserAuthentication.mdwn
index faab0ccc..7dd70c22 100644
--- a/TWiki/TWikiUserAuthentication.mdwn
+++ b/TWiki/TWikiUserAuthentication.mdwn
@@ -1,19 +1,58 @@
+%TOC% %STARTINCLUDE%
+
## <a name="TWiki_Authentication"> TWiki Authentication </a>
-TWiki does not authenticate users internally, it depends on the <code>**REMOTE\_USER**</code> environment variable. This variable is set when you enable basic authentication or authentication via SSL (https protocol)
+TWiki does not authenticate users internally, it depends on the <code>**REMOTE\_USER**</code> environment variable. This variable is set when you enable basic authentication or authentication via SSL (https protocol).
+
+TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity.
+
+### <a name="Authentication_Options"> Authentication Options </a>
+
+No special installation steps need to be performed if the server is already authenticated. If not, you have three remaining options to controlling user access:
+
+1. **Forget about authentication.** All changes are registered to %MAINWEB%.TWikiGuest user, so you can't tell who made changes. Your site is completely open and public.
+2. **Use Basic Authentication** for the <code>**edit**</code> and <code>**attach**</code> scripts. This uses .htaccess and generates the familiar grey log-in window. [[TWikiDocumentation]] has more.
+3. **Use SSL** to authenticate and secure the whole server.
+
+### <a name="Tracking_by_IP_Address"> Tracking by IP Address </a>
+
+The <code>**REMOTE\_USER**</code> environment variable is only set for the scripts that are under authentication. If, for example, the <code>**edit**</code>, <code>**save**</code> and <code>**preview**</code> scripts are authenticated, but not <code>**view**</code>, you would get your [[WikiName]] in <code>**preview**</code> for the <code>**%WIKIUSERNAME%**</code> variable, but <code>**view**</code> will show <code>**TWikiGuest**</code> instead of your WikiName.
+
+There is a way to tell TWiki to remember the user for the scripts that are not authenticated, ex: in case the <code>**REMOTE\_USER**</code> environment variable is not set. TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts like <code>**view**</code> will show the correct username instead of <code>**TWikiGuest**</code>. You can enable this by setting the <code>**$doRememberRemoteUser**</code> flag in <code>**TWiki.cfg**</code>. TWiki persistently stores the IP address / username pairs in file <code>**$remoteUserFilename**</code>, which is <code>**"$dataDir/remoteusers.txt"**</code> by default. Please note that this can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers.
+
+**Authentication Test:** You are %WIKIUSERNAME% (%WIKIUSERNAME%)
-TWiki keeps track who made changes to topics at what time. This gives a complete audit trail of changes.
+### <a name="TWiki_Username_vs_Login_Username"> TWiki Username vs. Login Username </a>
-No special installation steps need to be performed in case the server is already autenticated. If not you can opt for one of these:
+This section applies only if your %WIKITOOLNAME% is installed on a server that is both **authenticated** and on an **intranet**.
-* Forget about authentication. All changes will be registered as %MAINWEB%.TWikiGuest user, e.g. you can't tell who made changes.
-* Use basic authentication for the <code>**edit**</code> and <code>**attach**</code> scripts. [[TWikiDocumentation]] tells you more about that.
-* Use SSL to authenticate and secure the whole server.
+%WIKITOOLNAME% internally manages two usernames: Login username and TWiki username.
-The <code>**REMOTE\_USER**</code> environment variable is only set for the scripts that are under authentication. If for example the <code>**edit**</code>, <code>**save**</code> and <code>**preview**</code> scripts are authenticated, but not <code>**view**</code>, you would get your [[WikiName]] in <code>**preview**</code> for the <code>**%WIKIUSERNAME%**</code> variable, but <code>**view**</code> will show <code>**TWikiGuest**</code> instead of your WikiName.
+* **Login username:** When you login to the intranet, you use your existing login username, ex: <code>**pthoeny**</code>. This name is normally passed to %WIKITOOLNAME% by the <code>**REMOTE\_USER**</code> environment variable, and used by internally by %WIKITOOLNAME%. Login usernames are maintained by your system administrator.
+* **TWiki username:** Your name in [[WikiNotation]], ex: <code>**PeterThoeny**</code>, is recorded when you register using [[TWikiRegistration]]; doing so also generates a personal home page in the %MAINWEB% web.
-There is a way to tell TWiki to remember the user for the scripts that are not authenticated, e.g. for the case where the <code>**REMOTE\_USER**</code> environment variable is not set. TWiki can be configured to remember the IP address / username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non authenticated scripts like <code>**view**</code> will show the correct username instead of <code>**TWikiGuest**</code>. You can enable this by setting the <code>**$doRememberRemoteUser**</code> flag in <code>**TWiki.cfg**</code>. TWiki persistently stores the IP address / username pairs in file <code>**$remoteUserFilename**</code>, which is <code>**"$dataDir/remoteusers.txt"**</code> by default. Please note that this can fail in case the IP address changes due to dynamically assigned IP addresses or proxy servers.
+%WIKITOOLNAME% can automatically map an intranet username to a TWiki username, provided that the username pair exists in the %MAINWEB%.%WIKIUSERSTOPIC% topic. This is also handled automatically when you register.
-Test: You are %WIKIUSERNAME%.
+> **_NOTE:_**
+>
+> **To correctly enter a [[WikiName]]**
+>
+> - your own or someone else's - be sure to include the %MAINWEB% web name in front of the Wiki username, followed by a period, and no spaces. Ex:
+>
+> <div>
+> <center><code><b>%MAINWEB%.<nop>WikiUsername</nop></b></code> or <code><b>%<nop>MAINWEB%.<nop>WikiUsername</nop></nop></b></code></center>
+> </div>
+>
+> This points
+>
+> <code>**WikiUser**</code>
+>
+> to the %WIKITOOLNAME%.%MAINWEB% web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a
+>
+>
+>
+> [[NewTopic]]
+>
+> everywhere but in the %MAINWEB% web.
--- [[PeterThoeny]] - 16 Mar 2001 <br />
+-- [[PeterThoeny]] - 16 Mar 2001 <br /> -- [[MikeMannix]] - 29 Aug 2001