-TWiki does not authenticate users internally, it depends on the `REMOTE_USER` environment variable. This variable is set when you enable basic authentication or authentication via SSL (https protocol)
+<div>
+ <ul>
+ <li><a href="#TWiki User Authentication"> TWiki User Authentication</a><ul>
+ <li><a href="#Overview"> Overview</a></li>
+ <li><a href="#Authentication Options"> Authentication Options</a><ul>
+ <li><a href="#Partial Authentication"> Partial Authentication</a></li>
+ </ul>
+ </li>
+ <li><a href="#TWiki Username vs. Login Usernam"> TWiki Username vs. Login Username</a></li>
+ <li><a href="#Changing Passwords"> Changing Passwords</a></li>
+ </ul>
+ </li>
+ </ul>
+</div>
-TWiki keeps track who made changes to topics at what time. This gives a complete audit trail of changes.
+# <a name="TWiki User Authentication"></a> TWiki User Authentication
-No special installation steps need to be performed in case the server is already autenticated. If not you can opt for one of these:
+_TWiki site access control and user activity tracking_
-- Forget about authentication. All changes will be registered as [[TWikiGuest]] user, e.g. you can't tell who made changes.
-- Use basic authentication for the `edit` and `attach` scripts. [TWiki Installation](TWikiDocumentation#installation) tells you more about that.
-- Use SSL to authenticate and secure the whole server.
+## <a name="Overview"></a> Overview
-The `REMOTE_USER` environment variable is only set for the scripts that are under authentication. If for example the `edit`, `save` and `preview` scripts are authenticated, but not `view`, you would get your [[WikiName]] in `preview` for the `%WIKIUSERNAME%` variable, but `view` will show `TWikiGuest` instead of your WikiName.
+TWiki does not authenticate users internally, it depends on the <code>**REMOTE\_USER**</code> environment variable. This variable is set when you enable Basic Authentication (.htaccess) or SSL "secure server" authentication (https protocol).
-There is a way to tell TWiki to remember the user for the scripts that are not authenticated, e.g. for the case where the `REMOTE_USER` environment variable is not set. TWiki can be configured to remember the IP address / username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non authenticated scripts like `view` will show the correct username instead of `TWikiGuest`. You can enable this by setting the `$doRememberRemoteUser` flag in `wikicfg.pm`. TWiki persistently stores the IP address / username pairs in file `$remoteUserFilename`, which is `"$dataDir/remoteusers.txt"` by default. Please note that this can fail in case the IP address changes due to dynamically assigned IP addresses or proxy servers. Test: You are Main.admin.
+TWiki uses visitor identification to keep track of who made changes to topics at what time and to manage a wide range of personal site settings. This gives a complete audit trail of changes and activity.
--- [[PeterThoeny]] - 02 Nov 2000 <br />
+## <a name="Authentication Options"></a> Authentication Options
+
+No special installation steps need to be performed if the server is already authenticated. If not, you have three standard options for controlling user access:
+
+1. **Forget about authentication** to make your site completely public - anyone can browse and edit freely, in classic Wiki mode. All visitors are assigned the [[TWikiGuest]] default identity, so you can't track individual user activity. <br />
+2. **Use SSL** (Secure Sockets Layer; HTTPS) to authenticate and secure the whole server. <br />
+3. **Use Basic Authentication (HTAccess)** to control access by protecting key scripts: `attach`, `edit=`, `installpasswd`, `password`, `preview`, `rename`, `save`, `upload`, `view`, `viewfile` using .htaccess files. The [[TWiki Installation Guide|Main/TWikiDocumentation#TWiki_Installation_Notes]] has step-by-step instructions.
+
+### <a name="Partial Authentication"></a> Partial Authentication
+
+**Tracking by IP address** is an experimental feature, enabled in `lib/TWiki.cfg`. It lets you combine open access to some functions, with authentication on others, with full user activity tracking:
+
+- Normally, the <code>**REMOTE\_USER**</code> environment variable is set for the scripts that are under authentication. If, for example, the <code>**edit**</code>, <code>**save**</code> and <code>**preview**</code> scripts are authenticated, but not <code>**view**</code>, you would get your [[WikiName]] in <code>**preview**</code> for the <code>**%WIKIUSERNAME%**</code> variable, but <code>**view**</code> will show <code>**TWikiGuest**</code> instead of your WikiName.
+
+- TWiki can be configured to remember the IP address/username pair whenever an authentication happens (edit topic, attach file). Once remembered, the non-authenticated scripts, like <code>**view**</code>, will show the correct username instead of [[TWikiGuest]].
+
+- Enable this feature by setting the <code>**$doRememberRemoteUser**</code> flag in `TWiki.cfg`. TWiki then persistently stores the IP address/username pairs in the file, `$remoteUserFilename`, which is `"$dataDir/remoteusers.txt"` by default.
+
+- **_NOTE:_** This approach can fail if the IP address changes due to dynamically assigned IP addresses or proxy servers.
+
+**Quick Authentication Test** - Use the %WIKIUSERNAME% variable to return your current identity:
+
+- You are Main.admin
+
+## <a name="TWiki Username vs. Login Usernam"></a> TWiki Username vs. Login Username
+
+This section applies only if your %WIKITOOLNAME% is installed on a server that is both **authenticated** and on an **intranet**.
+
+%WIKITOOLNAME% internally manages two usernames: Login username and TWiki username.
+
+- **Login username:** When you login to the intranet, you use your existing login username, ex: <code>**pthoeny**</code>. This name is normally passed to %WIKITOOLNAME% by the <code>**REMOTE\_USER**</code> environment variable, and used by internally by %WIKITOOLNAME%. Login usernames are maintained by your system administrator.
+
+- **TWiki username:** Your name in [[WikiNotation]], ex: <code>**PeterThoeny**</code>, is recorded when you register using [[TWikiRegistration]]; doing so also generates a personal home page in the Main web.
+
+%WIKITOOLNAME% can automatically map an intranet username to a TWiki username, provided that the username pair exists in the [[TWikiUsers]] topic. This is also handled automatically when you register.
+
+> **_NOTE:_**
+>
+> **To correctly enter a [[WikiName]]**
+>
+> - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces. Ex:
+>
+> <div>
+> <center><code><b>Main.WikiUsername</b></code> or <code><b>%MAINWEB%.WikiUsername</b></code></center>
+> </div>
+>
+> This points
+>
+> <code>**WikiUser**</code>
+>
+> to the %WIKITOOLNAME%.Main web, where user registration pages are stored, no matter which web it's entered in. Without the web prefix, the name appears as a
+>
+> [[NewTopic]]
+>
+> everywhere but in the Main web.
+
+<a name="ChangingPasswords"></a>
+
+## <a name="Changing Passwords"></a> Changing Passwords
+
+Change and reset passwords using forms on regular pages. Use [[TWikiAccessControl]] to restrict use as required.
+
+- The [[ChangePassword]] form ( <code>**TWiki/ChangePassword**</code> ):
+
+>
+
+- The [[ResetPassword]] form ( <code>**TWiki/ResetPassword**</code> ):
+
+>
+
+-- [[MikeMannix]] - 29 Aug 2001
git://git.openafs.org / openafs-wiki.git / blobdiff