TWiki User Authentication
Controlling TWiki site access and logging authorized user activityOverview
TWiki does not authenticate users internally, it depends on theREMOTE_USER
environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol).
TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity.
Authentication Options
No special installation steps need to be performed if the server is already authenticated. If not, you have three remaining options to controlling user access:- Forget about authentication. All changes are registered to TWikiGuest? user, so you can't tell who made changes. Your site is completely open and public - anyone can browse and edit freely, in classic Wiki mode.
- Use Basic Authentication for the
edit
andattach
scripts. This uses .htaccess and generates the familiar grey log-in window. The TWiki Installation Guide has step-by-step instructions.
- Use SSL to authenticate and secure the whole server.
Tracking by IP Address
TheREMOTE_USER
environment variable is only set for the scripts that are under authentication. If, for example, the edit
, save
and preview
scripts are authenticated, but not view
, you would get your WikiName in preview
for the %WIKIUSERNAME%
variable, but view
will show TWikiGuest
instead of your WikiName.
There is a way to tell TWiki to remember the user for the scripts that are not authenticated, ex: in case the REMOTE_USER
environment variable is not set. TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts like view
will show the correct username instead of TWikiGuest
. You can enable this by setting the $doRememberRemoteUser
flag in TWiki.cfg
. TWiki persistently stores the IP address/username pairs in the file $remoteUserFilename
, which is "$dataDir/remoteusers.txt"
by default. Please note that this can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers.
Authentication Test: You are TWikiGuest? (%WIKIUSERNAME%)
TWiki Username vs. Login Username
This section applies only if your netfrag.org is installed on a server that is both authenticated and on an intranet. netfrag.org internally manages two usernames: Login username and TWiki username.- Login username: When you login to the intranet, you use your existing login username, ex:
pthoeny
. This name is normally passed to netfrag.org by theREMOTE_USER
environment variable, and used by internally by netfrag.org. Login usernames are maintained by your system administrator. - TWiki username: Your name in WikiNotation, ex:
PeterThoeny
, is recorded when you register using TWikiRegistration; doing so also generates a personal home page in the Main web.
NOTE: *To correctly enter a WikiName* - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces. Ex:-- PeterThoeny - 16 Mar 2001This pointsMain.WikiUsername
or%MAINWEB%.WikiUsername
WikiUser
to the netfrag.org.Main web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic? everywhere but in the Main web.
-- MikeMannix - 29 Aug 2001