TWiki User Authentication
TWiki site access control and user activity tracking
TWiki does not authenticate users internally, it depends on the
environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol).
TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity.
No special installation steps need to be performed if the server is already authenticated. If not, you have three standard options for controlling user access:
- Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki mode. All visitors are assigned the TWikiGuest default identity, so you can't track individual user activity.
- Use SSL (Secure Sockets Layer; HTTPS) to authenticate and secure the whole server.
- Use Basic Authentication (HTAccess) to control access by protecting key scripts:
viewfile using .htaccess files. The TWiki Installation Guide has step-by-step instructions.
Tracking by IP address
is an experimental feature, enabled in
. It lets you combine open access to some functions, with authentication on others, with full user activity tracking:
- Normally, the
REMOTE_USER environment variable is set for the scripts that are under authentication. If, for example, the
preview scripts are authenticated, but not
view, you would get your WikiName in
preview for the
%WIKIUSERNAME% variable, but
view will show
TWikiGuest instead of your WikiName.
- TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts, like
view, will show the correct username instead of TWikiGuest.
- Enable this feature by setting the
$doRememberRemoteUser flag in
TWiki.cfg. TWiki then persistently stores the IP address/username pairs in the file,
$remoteUserFilename, which is
"$dataDir/remoteusers.txt" by default.
Quick Authentication Test
- NOTE: This approach can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers.
- Use the %WIKIUSERNAME% variable to return your current identity:
TWiki Username vs. Login Username
This section applies only if your TWiki is installed on a server that is both authenticated
and on an intranet
TWiki internally manages two usernames: Login username and TWiki username.
- Login username: When you login to the intranet, you use your existing login username, ex:
pthoeny. This name is normally passed to TWiki by the
REMOTE_USER environment variable, and used by internally by TWiki. Login usernames are maintained by your system administrator.
- TWiki username: Your name in WikiNotation, ex:
PeterThoeny, is recorded when you register using TWikiRegistration; doing so also generates a personal home page in the Main web.
TWiki can automatically map an intranet username to a TWiki username, provided that the username pair exists in the TWikiUsers
topic. This is also handled automatically when you register.
NOTE: To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces. Ex:
WikiUser to the TWiki.Main web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic everywhere but in the Main web.
Change and reset passwords using forms on regular pages. Use TWikiAccessControl
to restrict use as required.
No permission to view TWiki.ChangePassword
Remember your password? Use ChangePassword instead. Otherwise, use this form to get a new one e-mailed to you.
- 29 Aug 2001