Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Deleted: | ||||||||
< < | ||||||||
Changed: | ||||||||
< < | TWiki User Authentication | |||||||
> > | TWiki User Authentication | |||||||
TWiki site access control and user activity tracking options | ||||||||
Added: | ||||||||
> > | ||||||||
OverviewAuthentication, or "login", is the process by which a user lets TWiki know who they are. | ||||||||
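Review bot: the added Overview sentence defines authentication only as the user letting TWiki know who they are, while the subtitle kept above it promises "site access control". Add a sentence saying that login establishes identity and that what an identified user may read or change is decided separately by the access control settings, so that readers do not take enabling login as restricting access.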
Line: 26 to 27 | ||||||||
Tip: TWiki:TWiki.TWikiUserAuthenticationSupplement on TWiki.org has supplemental documentation on user authentication. | ||||||||
Added: | ||||||||
> > | ||||||||
Password ManagementAs shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of.htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the [[/twiki/bin/configure][configure] interface for more details.
You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases. | ||||||||
Added: | ||||||||
> > | ||||||||
User MappingOften when you are using an external authentication method, you want to map from an unfriendly "login name" to a more friendly WikiName. Also, an external authentication database may well have user information you want to import to TWiki, such as user groups. By default, TWiki supports mapping of usernames to wikinames, and supports TWiki groups internal to TWiki. If you want, you can plug in an alternate user mapping module to support import of groups etc. | ||||||||
Added: | ||||||||
> > | ||||||||
User RegistrationNew user registration uses the password manager to set and change passwords and store email addresses. It is also responsible for the new user verification process. the registration process supports single user registration via the TWikiRegistration page, and bulk user registration via the BulkRegistration page (for admins only). The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support. | ||||||||
Added: | ||||||||
> > | ||||||||
Login ManagementLogin management controls the way users have to log in. There are three basic options; no login, login via a TWiki login page, and login using the webserver authentication support. | ||||||||
Added: | ||||||||
> > | ||||||||
No Login (select | ||||||||
Changed: | ||||||||
< < | Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity, so you can't track individual user activity. | |||||||
> > | Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity, so you can't track individual user activity. | |||||||
Changed: | ||||||||
< < | Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to the TWikiAdminGroup. | |||||||
> > | Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators. | |||||||
Added: | ||||||||
> > | ||||||||
Template Login (select | ||||||||
Changed: | ||||||||
< < | Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. | |||||||
> > | Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser. | |||||||
Enabling Template Login
| ||||||||
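Review bot: the link in the added Password Management paragraph is written `[[/twiki/bin/configure][configure]` with one closing bracket missing, so it will not render as a link. The same paragraph says a variety of password encodings are supported without naming any; since the .htpasswd file may be shared with other applications, name the encodings or say which one configure selects by default. In the Template Login paragraph, the new sentence about remembered sessions should say how long a remembered session is kept and that the option should not be used on a shared computer.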
Line: 65 to 72 | ||||||||
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
This is a very important step, as users in this group can access all topics, independent of TWiki access controls. TWikiAccessControl has more information on setting up access controls. At this time TWikiAccessControls cannot control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up in the webserver to allow open access you may want to add .htaccess files in there to restrict access. | ||||||||
Changed: | ||||||||
< < | You can create a custom version of the TWikiRegistration form by deleting or adding input tags. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. | |||||||
> > | You can create a custom version of the TWikiRegistration form by copying the topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade. | |||||||
Changed: | ||||||||
< < | You can customize the default user home page in NewUserTemplate. The same variables get expanded as in the template topics | |||||||
> > | The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate? topic, which will then override the default. | |||||||
Added: | ||||||||
> > | ||||||||
Apache Login (select
Using this method TWiki does not authenticate users internally. Instead it depends on the | ||||||||
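Review bot: in the changed TWikiRegistration paragraph, "copying the topic" does not say where the copy should live or how registration is pointed at it, whereas the next changed paragraph names Main.NewUserTemplate as the override for the new user template. Name the target topic for the copied form in the same way, otherwise the upgrade warning in the last sentence cannot be acted on. The unchanged paragraph above writes the topic name once as TWikiAccessControl and once as TWikiAccessControls; use one spelling.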
Line: 84 to 92 | ||||||||
The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser. | ||||||||
Changed: | ||||||||
< < | TWiki maps the REMOTE_USER that was used to log in to the webserver to a WikiName using the table in TWikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their WikiName). | |||||||
> > | TWiki maps the REMOTE_USER that was used to log in to the webserver to a WikiName using the table in TWikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their WikiName). | |||||||
The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support. | ||||||||
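Review bot: the line after the changed REMOTE_USER paragraph recommends Apache Basic Authentication with the shared .htpasswd file without saying that it has to run over HTTPS; Basic Authentication sends the password, only base64-encoded, with every request. The old and new text of the changed paragraph read identically in this view, so the change comment should say what was altered.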
Line: 96 to 104 | ||||||||
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
This is a very important step, as users in this group can access all topics, independent of TWiki access controls. TWikiAccessControl has more information on setting up access controls. | ||||||||
Line: 111 to 119 | ||||||||
The bin/logon script accomplishes this. The bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user . However, once authenticated, it will simply redirect the user to the view URL for the page from which the logon script was linked. | ||||||||
Added: | ||||||||
> > | ||||||||
SessionsTWiki uses the CPAN:CGI::Session and CPAN:CGI::Cookie modules to track sessions. These modules are de facto standards for session management among Perl programmers. If you can't use Cookies for any reason, CPAN:CGI::Session also supports session tracking using the client IP address. | ||||||||
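Review bot: the Sessions paragraph offers session tracking by client IP address as the fallback when cookies cannot be used, with no caveat. Users behind the same proxy or NAT gateway present one address, so one user's session can be picked up by another; state that limitation next to the sentence, or advise against the IP fallback on sites where logins protect anything.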
Line: 139 to 148 | ||||||||
For a number of reasons, it may not be possible to use cookies. In this case, TWiki has a fallback mechanism; it will automatically rewrite every internal URL it sees on pages being generated to one that also passes session information. | ||||||||
Added: | ||||||||
> > | ||||||||
TWiki Username vs. Login UsernameThis section applies only if you are using authentication with existing login names (i.e. mapping from login names to WikiNames). | ||||||||
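Review bot: the context paragraph before the new heading describes rewriting every internal URL to pass session information when cookies are unavailable, but does not warn that session information carried in a URL ends up in browser history, server and proxy logs, Referer headers and any link a user pastes elsewhere. A sentence to that effect belongs with the description of the fallback.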
Line: 147 to 157 | ||||||||
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
TWiki can automatically map an Intranet (Login) Username to a TWiki Username if the {AllowLoginName} is enabled in configure. The default is to use your WikiName as a login name. | ||||||||
Changed: | ||||||||
< < | NOTE: To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces, for example Main.WikiUsername or %MAINWEB%.WikiUsername .
This points WikiUsername to the Main web, where user home pages are located, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic? everywhere but in the Main web. | |||||||
> > | NOTE: To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces, for example Main.WikiUsername or %USERSWEB%.WikiUsername .
This points WikiUsername to the Main web, where user home pages are located, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic? everywhere but in the Main web. | |||||||
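Review bot: the example now uses %USERSWEB% in place of %MAINWEB%, but the sentences around it still say "the Main web name" and "the Main web", so the note reads as if the web name were fixed. Word it as the users web (Main by default) or explain what %USERSWEB% expands to, and say whether %MAINWEB% in existing topics keeps working.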