• TWiki User Authentication
  • Overview
  • Authentication Options
    • Partial Authentication
  • TWiki Username vs. Login Username
  • Changing Passwords

TWiki User Authentication

TWiki site access control and user activity tracking

Overview

TWiki does not authenticate users internally, it depends on the REMOTE_USER environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol).

TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity.

Authentication Options

No special installation steps are required if the server is already authenticated. If it isn't, you have three standard options for controlling user access:

1. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki mode. All visitors are assigned the TWiki Guest default identity, so you can't track individual user activity.
   
2. Use SSL (Secure Sockets Layer; HTTPS) to authenticate and secure the whole server.
   
3. Use Basic Authentication (.htaccess) to control access by protecting key scripts: attach, edit=, installpasswd, preview, rename, save, upload using the .htaccess file. The TWiki Installation Guide has step-by-step instructions.

Partial Authentication

Tracking by IP address is an experimental feature, enabled in lib/TWiki.cfg. It lets you combine open access to some functions, with authentication on others, with full user activity tracking:

• Normally, the REMOTE_USER environment variable is set for the scripts that are under authentication. If, for example, the edit, save and preview scripts are authenticated, but not view, you would get your Wiki Name in preview for the %WIKIUSERNAME% variable, but view will show TWikiGuest instead of your WikiName.

• TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts, like view, will show the correct username instead of TWiki Guest.

• Enable this feature by setting the $doRememberRemoteUser flag in TWiki.cfg. TWiki then persistently stores the IP address/username pairs in the file, $remoteUserFilename, which is "$dataDir/remoteusers.txt" by default.

• NOTE: This approach can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers.

Quick Authentication Test - Use the %WIKIUSERNAME% variable to return your current identity:

• You are Main.guest

TWiki Username vs. Login Username

This section applies only if your linux.org.ua is installed on a server that is both authenticated and on an intranet.

linux.org.ua internally manages two usernames: Login username and TWiki username.

• Login username: When you login to the intranet, you use your existing login username, ex: pthoeny. This name is normally passed to linux.org.ua by the REMOTE_USER environment variable, and used by internally by linux.org.ua. Login usernames are maintained by your system administrator.

• TWiki username: Your name in Wiki Notation, ex: PeterThoeny, is recorded when you register using TWiki Registration; doing so also generates a personal home page in the Main web.

linux.org.ua can automatically map an intranet username to a TWiki username, provided that the username pair exists in the TWiki Users? topic. This is also handled automatically when you register.

NOTE: To correctly enter a Wiki Name - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces. Ex:

Main.WikiUsername or %MAINWEB%.WikiUsername

This points WikiUser to the linux.org.ua.Main web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a New Topic? everywhere but in the Main web.

Changing Passwords

Change and reset passwords using forms on regular pages. Use TWiki Access Control to restrict use as required.

• The Change Password form ( TWiki/ChangePassword ):

Change password

Forgot your old password? Then use Reset Password instead. Please only use Reset Password in case you really forgot your password. Thank you.

Your Wiki Name:	**
Old password	**
New password	**
Retype new password	**
	(Fields marked ** are required)

After submitting this form your password will be changed.

• The Reset Password form ( TWiki/ResetPassword ):

Request for reset of password

Please only use this ResetPassword form in case you really forgot your password. Otherwise just change it using Change Password. Thank you.

Your Wiki Name:	**
New password	**
Retype new password	**
	(Fields marked ** are required)

After submitting this form you will receive a page with your new password appearing encrypted.

-- Mike Mannix - 29 Aug 2001