Register users on your TWiki site; change/reset/install passwords; remove user accounts
Authentication and Access Control
It is not necessary to have user home pages in the TWiki system for Authentication to work - see TWikiUserAuthentication
- TWikiRegistration is for users to fill out a form
- NewUserTemplate can be changed to customize user home pages, it can optionally use the UserForm to define user fields as meta data
- BulkRegistration is for administrators to use to set up one or more accounts: either from a table or from an external file
Change, Reset and Install Passwords
- ChangePassword is for users who can remember their password and want to change it
- ResetPassword is for users who cannot remember their password; a system generated password is e-mailed to them
- BulkResetPassword if for administrators who want to reset many passwords at once
Removing User Accounts
To remove a user account (FredQuimby, who logs in as "fred"):
- If you are using a
.htpasswd file, edit the
.htpasswd file to delete the line starting
- Remove the
FredQuimby - fred line from the Main.TWikiUsers topic
FredQuimby from all groups and from all the
ALLOWWEB/ALLOWTOPIC... declarations, if any.
Note: If you fail to do this you risk creating a security hole, as the next user to register with the wikiname FredQuimby will inherit the old FredQuimby's permissions.
- [optional] Delete their user topic Main.FredQuimby.
Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic
. If you want to make it clear the user is no longer with the organization or has been banished, replace the topic content with a note to that effect. The existance of the UserName topic should also prevent that user name from being re-used, sealing the potential security hole regarding inherited permissions..
Related Topics: AdminDocumentationCategory