diff options
Diffstat (limited to 'TWiki/TWikiUserAuthentication.mdwn')
| -rw-r--r-- | TWiki/TWikiUserAuthentication.mdwn | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/TWiki/TWikiUserAuthentication.mdwn b/TWiki/TWikiUserAuthentication.mdwn deleted file mode 100644 index c62170a8..00000000 --- a/TWiki/TWikiUserAuthentication.mdwn +++ /dev/null @@ -1,85 +0,0 @@ -%TOC% %STARTINCLUDE% - -# <a name="TWiki_User_Authentication"> TWiki User Authentication </a> - -_TWiki site access control and user activity tracking_ - -## <a name="Overview"> Overview </a> - -TWiki does not authenticate users internally, it depends on the `REMOTE_USER` environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol). - -TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity. - -## <a name="Authentication_Options"> Authentication Options </a> - -No special installation steps are required if the server is already authenticated. If it isn't, you have three standard options for controlling user access: - -1. **Forget about authentication** to make your site completely public - anyone can browse and edit freely, in classic Wiki mode. All visitors are assigned the %MAINWEB%.TWikiGuest default identity, so you can't track individual user activity. <br /> -2. **Use SSL** (Secure Sockets Layer; HTTPS) to authenticate and secure the whole server. <br /> -3. **Use Basic Authentication (.htaccess)** to control access by protecting key scripts: `attach`, `edit=`, `installpasswd`, `preview`, `rename`, `save`, `upload` using the .htaccess file. The [[TWikiInstallationGuide]] has step-by-step instructions. - -### <a name="Partial_Authentication"> Partial Authentication </a> - -**Tracking by IP address** is an experimental feature, enabled in `lib/TWiki.cfg`. It lets you combine open access to some functions, with authentication on others, with full user activity tracking: - -* Normally, the <code>**REMOTE\_USER**</code> environment variable is set for the scripts that are under authentication. If, for example, the <code>**edit**</code>, <code>**save**</code> and <code>**preview**</code> scripts are authenticated, but not <code>**view**</code>, you would get your [[WikiName]] in <code>**preview**</code> for the <code>**%WIKIUSERNAME%**</code> variable, but <code>**view**</code> will show <code>**TWikiGuest**</code> instead of your WikiName. - -* TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts, like <code>**view**</code>, will show the correct username instead of %MAINWEB%.TWikiGuest. - -* Enable this feature by setting the <code>**$doRememberRemoteUser**</code> flag in `TWiki.cfg`. TWiki then persistently stores the IP address/username pairs in the file, `$remoteUserFilename`, which is `"$dataDir/remoteusers.txt"` by default. - -* **_NOTE:_** This approach can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers. - -**Quick Authentication Test** - Use the %WIKIUSERNAME% variable to return your current identity: - -* You are %WIKIUSERNAME% - -## <a name="TWiki_Username_vs_Login_Username"> TWiki Username vs. Login Username </a> - -This section applies only if your %WIKITOOLNAME% is installed on a server that is both **authenticated** and on an **intranet**. - -%WIKITOOLNAME% internally manages two usernames: Login username and TWiki username. - -* **Login username:** When you login to the intranet, you use your existing login username, ex: <code>**pthoeny**</code>. This name is normally passed to %WIKITOOLNAME% by the <code>**REMOTE\_USER**</code> environment variable, and used by internally by %WIKITOOLNAME%. Login usernames are maintained by your system administrator. - -* **TWiki username:** Your name in [[WikiNotation]], ex: <code>**PeterThoeny**</code>, is recorded when you register using [[TWikiRegistration]]; doing so also generates a personal home page in the %MAINWEB% web. - -%WIKITOOLNAME% can automatically map an intranet username to a TWiki username, provided that the username pair exists in the %MAINWEB%.%WIKIUSERSTOPIC% topic. This is also handled automatically when you register. - -> **_NOTE:_** -> -> **To correctly enter a [[WikiName]]** -> -> - your own or someone else's - be sure to include the %MAINWEB% web name in front of the Wiki username, followed by a period, and no spaces. Ex: -> -> <div> -> <center><code><b>%MAINWEB%.<nop>WikiUsername</nop></b></code> or <code><b>%<nop>MAINWEB%.<nop>WikiUsername</nop></nop></b></code></center> -> </div> -> -> This points -> -> <code>**WikiUser**</code> -> -> to the %WIKITOOLNAME%.%MAINWEB% web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a -> -> -> -> [[NewTopic]] -> -> everywhere but in the %MAINWEB% web. - -<a name="ChangingPasswords"></a> - -## <a name="Changing_Passwords"> Changing Passwords </a> - -Change and reset passwords using forms on regular pages. Use [[TWikiAccessControl]] to restrict use as required. - -* The [[ChangePassword]] form ( <code>**TWiki/ChangePassword**</code> ): - -> %INCLUDE\{"ChangePassword"\}% - -* The [[ResetPassword]] form ( <code>**TWiki/ResetPassword**</code> ): - -> %INCLUDE\{"ResetPassword"\}% - --- [[MikeMannix]] - 29 Aug 2001 |