Difference: TWikiUserAuthentication (24 vs. 25)

Revision 25, 2007-04-19 - TWikiContributor

Line: 1 to 1
 

TWiki User Authentication

Line: 30 to 30
 

Password Management

Changed:
<
<
As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the [[/bin/configure][configure] interface for more details.
>
>
As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the configure interface for more details.
  You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases.
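
Review bot: The rewritten sentence about password encodings still sends the reader to configure for every detail, while the same paragraph says the .htpasswd file can be shared with other applications. A sentence here stating that the encoding selected in configure has to be one the sharing application also accepts would save a failed login later. The old line's unclosed "[[/bin/configure][configure]" link is correctly gone.
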
Line: 48 to 48
  The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support.
Added:
>
>
ALERT! Note: If you are restricting the entire Main web to TWikiGuest, you are required to add TWikiRegistrationAgent to ALLOWWEBCHANGE in your Main/WebPreferences. By doing so, new users are able to register without any errors.
 

Login Management
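
Review bot: In the added ALERT line, "restricting the entire Main web to TWikiGuest" is ambiguous: it can be read as allowing only TWikiGuest or as locking TWikiGuest out, and the note does not name the preference setting it refers to. Suggest naming the setting being restricted alongside ALLOWWEBCHANGE, and saying that the entry gives TWikiRegistrationAgent change rights on the whole Main web, so administrators know what they are granting.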

Line: 61 to 63
 ALERT! Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators.

Changed:
<
<

Template Login (select TWiki::Client::TemplateLogin in configure)

>
>

Template Login (select TWiki::LoginManager::TemplateLogin in configure)

  Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.

Enabling Template Login

  1. Use the configure interface to
Changed:
<
<
    1. select the TWiki::Client::TemplateLogin login manager (on the Security Settings pane).
>
>
    1. select the TWiki::LoginManager::TemplateLogin login manager (on the Security Settings pane).
 
    1. select the appropriate password manager for your system, or provide your own.
Added:
>
>
    1. HELP there is also an EXPERT configure setting {TemplateLogin}{PreventBrowserRememberingPassword} that you can set to prevent Browsers from remembering username and passwords if you are concerned about public terminal usage.
 
  1. Register yourself in the TWikiRegistration topic.
    HELP Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
  2. Create a new topic to check if authentication works.
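
Review bot: The added {TemplateLogin}{PreventBrowserRememberingPassword} item covers only credentials saved by the browser, but the unchanged paragraph above it says users can choose to have their session remembered and be logged in automatically the next time they start their browser, which is the same public-terminal exposure. Suggest the item say that remembered sessions are a separate concern and point to where that behaviour is controlled. The item is also written as a numbered step that begins with HELP, unlike the two steps around it; it would read better as a HELP note under the password manager step.
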
Line: 84 to 87
 TIP The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate topic, which will then override the default.

Changed:
<
<

Apache Login (select TWiki::Client::ApacheLogin in configure)

>
>

Apache Login (select TWiki::LoginManager::ApacheLogin in configure)

  Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver.
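
Review bot: The heading now names TWiki::LoginManager::ApacheLogin, but nothing in this section tells a reader whose configuration still names TWiki::Client::ApacheLogin what to expect. Because this method relies entirely on REMOTE_USER set by the webserver, a stale login manager selection deserves one sentence here stating the old name and whether it is still accepted.
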
Line: 100 to 103
 

Enabling Apache Login using mod_auth

You can use any other Apache authentication module that sets REMOTE_USER.
Changed:
<
<
  1. Use configure to select the TWiki::Client::ApacheLogin login manager.
>
>
  1. Use configure to select the TWiki::LoginManager::ApacheLogin login manager.
 
  1. Use configure to set up TWiki to create the right kind of .htpasswd entries.
  2. Create a .htaccess file in the twiki/bin directory.
    HELP There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what need to be done.
    HELP If you got it right, the browser should now ask for login name and password when you click on the Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support)
    ALERT! At this time TWikiAccessControls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access
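
Review bot: Step 1 is updated to the new class name, but the HELP lines under step 2 that this revision leaves untouched still read "There is an template" and "what need to be done", and the last two notes have no closing punctuation. Worth fixing in the same pass, since this list is what administrators follow when protecting twiki/bin.
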
Line: 115 to 118
 

Logons via bin/logon

Changed:
<
<
Any time a user enters a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on.
>
>
Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on.
 
Changed:
<
<
The bin/logon script accomplishes this. The bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user. However, once authenticated, it will simply redirect the user to the view URL for the page from which the logon script was linked.
>
>
The bin/logon script enables this. If you are using Apache Login, the bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user. Once authenticated, it will redirect the user to the view URL for the page from which the logon script was linked.
 

Sessions
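
Review bot: The revised first paragraph still ends with "It may be convenient to force them to log on", which repeats its opening sentence and sits oddly after the optional "logon" link the middle sentence introduces; suggest dropping it. In the second paragraph, the new "If you are using Apache Login" condition leaves open what bin/logon does under Template Login, and "must be setup" should be "must be set up".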

Line: 222 to 225
  Related Topics: AdminDocumentationCategory, TWikiAccessControl, TWiki:TWiki.TWikiUserAuthenticationSupplement, TWiki:TWiki.SecuringTWikiSite
Changed:
<
<
-- Contributors: TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie
>
>
-- Contributors: TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie, TWiki:Main.SvenDowideit
 
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiUserAuthentication.