Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
TWiki User Authentication | ||||||||
Line: 30 to 30 | ||||||||
Password Management | ||||||||
Changed: | ||||||||
< < | As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the [[/twiki/bin/configure][configure] interface for more details. | |||||||
> > | As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the configure interface for more details. | |||||||
You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases. | ||||||||
Line: 48 to 48 | ||||||||
The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support. | ||||||||
Added: | ||||||||
> > | Note: If you are restricting the entire Main web to TWikiGuest, you are required to add TWikiRegistrationAgent to ALLOWWEBCHANGE in your Main/WebPreferences . By doing so, new users are able to register without any errors. | |||||||
Login Management | ||||||||
Line: 61 to 63 | ||||||||
Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators. | ||||||||
Changed: | ||||||||
< < | Template Login (select =TWiki::Client::TemplateLogin in configure) | |||||||
> > | Template Login (select =TWiki::LoginManager::TemplateLogin in configure) | |||||||
Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.
Enabling Template Login
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
| ||||||||
Added: | ||||||||
> > |
| |||||||
| ||||||||
Line: 84 to 87 | ||||||||
The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate topic, which will then override the default. | ||||||||
Changed: | ||||||||
< < | Apache Login (select =TWiki::Client::ApacheLogin in configure) | |||||||
> > | Apache Login (select =TWiki::LoginManager::ApacheLogin in configure) | |||||||
Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver. | ||||||||
Line: 100 to 103 | ||||||||
Enabling Apache Login using =mod_authYou can use any other Apache authentication module that sets REMOTE_USER. | ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
| ||||||||
Line: 115 to 118 | ||||||||
Logons via bin/logon | ||||||||
Changed: | ||||||||
< < | Any time a user enters a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on. | |||||||
> > | Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on. | |||||||
Changed: | ||||||||
< < | The bin/logon script accomplishes this. The bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user . However, once authenticated, it will simply redirect the user to the view URL for the page from which the logon script was linked. | |||||||
> > | The bin/logon script enables this. If you are using Apache Login, the bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user . Once authenticated, it will redirect the user to the view URL for the page from which the logon script was linked. | |||||||
Sessions | ||||||||
Line: 222 to 225 | ||||||||
Related Topics: AdminDocumentationCategory, TWikiAccessControl, TWiki:TWiki.TWikiUserAuthenticationSupplement, TWiki:TWiki.SecuringTWikiSite | ||||||||
Changed: | ||||||||
< < | -- Contributors: TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie | |||||||
> > | -- Contributors: TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie, TWiki:Main.SvenDowideit |