5 TWiki User Authentication.docx

5 TWiki User Authentication.docx

《5 TWiki User Authentication.docx》由会员分享，可在线阅读，更多相关《5 TWiki User Authentication.docx（11页珍藏版）》请在冰点文库上搜索。

5TWikiUserAuthentication

TWikiUserAuthentication

TWikisiteaccesscontrolanduseractivitytrackingoptions

∙TWikiUserAuthentication

oOverview

oPasswordManagement

oUserMapping

oUserRegistration

oLoginManagement

▪NoLogin（selectnoneinconfigure）

▪TemplateLogin（selectTWiki:

:

Client:

:

TemplateLogininconfigure）

▪EnablingTemplateLogin

▪ApacheLogin（selectTWiki:

:

Client:

:

ApacheLogininconfigure）

▪EnablingApacheLoginusingmod_auth

▪Logonsviabin/logon

oSessions

▪Getting,Setting,andClearingSessionVariables

▪CookiesandTransparentSessionIDs

oTWikiUsernamevs.LoginUsername

oChangingPasswords

oChangingE-mailAddresses

oControllingaccesstoindividualscripts

Howtochooseanauthenticationmethod

Overview

Authentication,or"login",istheprocessbywhichauserletsTWikiknowwhotheyare.

Authenticationisn'tjusttodowithaccesscontrol.TWikiusesauthenticationtoidentifyusers,soitcankeeptrackofwhomadechanges,andmanageawiderangeofpersonalsettings.Withauthenticationenabled,userscanpersonaliseTWikiandcontributeasrecognisedindividuals,insteadofshadows.

TWikiauthenticationisveryflexible,andcaneitherstandaloneorintegratewithexistingauthenticationschemes.YoucansetupTWikitorequireauthenticationforeveryaccess,oronlyforchanges.Authenticationisalsoessentialforaccesscontrol.

QuickAuthenticationTest-Usethe%USERINFO%variabletoreturnyourcurrentidentity:

∙Youareguest,TWikiGuest,

TWikiuserauthenticationissplitintofoursections;passwordmanagement,usermapping,userregistration,andloginmanagement.Passwordmanagementdealswithhowuserspersonaldataisstored.Registrationdealswithhownewusersareaddedtothewiki.Loginmanagementdealswithhowuserslogin.

Onceauserisloggedon,theycanberememberedusingaClientSessionstoredinacookieinthebrowser（orbyotherlesselegantmeansiftheuserhasdisabledcookies）.Thisavoidsthemhavingtologonagainandagain.

TWikiuserauthenticationisconfiguredthroughtheSecuritySettingspaneintheconfigureinterface.

PleasenoteFileAttachmentsarenotprotectedbyTWikiUserAuthentication.

Tip:

TWiki:

TWiki.TWikiUserAuthenticationSupplementonTWiki.orghassupplementaldocumentationonuserauthentication.

PasswordManagement

Asshipped,TWikisupportstheApache'htpasswd'passwordmanager.Thismanagersupportstheuseof.htpasswdfilesontheserver.ThesefilescanbeuniquetoTWiki,orcanbesharedwithotherapplications（suchasanApachewebserver）.Avarietyofpasswordencodingsaresupportedforflexibilitywhenre-usingexistingfiles.SeethedescriptivecommentsintheSecuritySettingssectionofthe[[/cgi-bin/configure][configure]interfaceformoredetails.

Youcaneasilypluginalternatepasswordmanagementmodulestosupportinterfacestootherthird-partyauthenticationdatabases.

UserMapping

Oftenwhenyouareusinganexternalauthenticationmethod,youwanttomapfromanunfriendly"loginname"toamorefriendlyWikiName.Also,anexternalauthenticationdatabasemaywellhaveuserinformationyouwanttoimporttoTWiki,suchasusergroups.

Bydefault,TWikisupportsmappingofusernamestowikinames,andsupportsTWikigroupsinternaltoTWiki.Ifyouwant,youcanpluginanalternateusermappingmoduletosupportimportofgroupsetc.

UserRegistration

Newuserregistrationusesthepasswordmanagertosetandchangepasswordsandstoreemailaddresses.Itisalsoresponsibleforthenewuserverificationprocess.theregistrationprocesssupportssingleuserregistrationviatheTWikiRegistrationpage,andbulkuserregistrationviatheBulkRegistrationpage（foradminsonly）.

Theregistrationprocessisalsoresponsibleforcreatingusertopics,andsettingupthemappinginformationusedbytheUserMappingsupport.

Note:

IfyouarerestrictingtheentireMainwebtoTWikiGuest,youarerequiredtoaddTWikiRegistrationAgenttoALLOWWEBCHANGEinyourMain/WebPreferences.Bydoingso,newusersareabletoregisterwithoutanyerrors.

LoginManagement

Loginmanagementcontrolsthewayusershavetologin.Therearethreebasicoptions;nologin,loginviaaTWikiloginpage,andloginusingthewebserverauthenticationsupport.

NoLogin（selectnoneinconfigure）

Doesexactlywhatitsaysonthetin.Forgetaboutauthenticationtomakeyoursitecompletelypublic-anyonecanbrowseandeditfreely,inclassicWikistyle.AllvisitorsaregiventheTWikiGuestdefaultidentity,soyoucan'ttrackindividualuseractivity.

Note:

Thissetupisnotrecommendedonpublicwebsitesforsecurityreasons;anyonewouldbeabletochangesystemsettingsandperformtasksusuallyrestrictedtoadministrators.

TemplateLogin（selectTWiki:

:

Client:

:

TemplateLogininconfigure）

TemplateLoginasksforausernameandpasswordinawebpage,andprocessesthemusingwhateverPasswordManageryouchoose.Userscanloginandlogout.ClientSessionsareusedtorememberusers.Userscanchoosetohavetheirsessionrememberedsotheywillautomaticallybeloggedinthenexttimetheystarttheirbrowser.

EnablingTemplateLogin

1.Usetheconfigureinterfaceto

1.selecttheTWiki:

:

Client:

:

TemplateLoginloginmanager（ontheSecuritySettingspane）.

2.selecttheappropriatepasswordmanagerforyoursystem,orprovideyourown.

2.RegisteryourselfintheTWikiRegistrationtopic.

Checkthatthepasswordmanagerrecognisesthenewuser.Ifyouareusing.htpasswdfiles,checkthatanewlinewiththeusernameandencryptedpasswordisaddedtothe.htpasswdfile.Ifnot,youprobablygotapathwrong,orthepermissionsmaynotallowthewebserverusertowritetothatfile.

3.Createanewtopictocheckifauthenticationworks.

4.EdittheTWikiAdminGrouptopicintheMainwebtoincludeuserswithsystemadministratorstatus.

Thisisaveryimportantstep,asusersinthisgroupcanaccessalltopics,independentofTWikiaccesscontrols.

TWikiAccessControlhasmoreinformationonsettingupaccesscontrols.

AtthistimeTWikiAccessControlscannotcontrolaccesstofilesinthepubarea,unlesstheyareonlyaccessedthroughtheviewfilescript.Ifyourpubdirectoryissetupinthewebservertoallowopenaccessyoumaywanttoadd.htaccessfilesintheretorestrictaccess.

YoucancreateacustomversionoftheTWikiRegistrationformbydeletingoraddinginputtags.Thename=""parameteroftheinputtagsmuststartwith:

"Twk0..."（ifthisisanoptionalentry）,or"Twk1..."（ifthisisarequiredentry）.Thisensuresthatthefieldsarecarriedoverintotheuserhomepagecorrectly.

YoucancustomizethedefaultuserhomepageinNewUserTemplate.Thesamevariablesgetexpandedasinthetemplatetopics

ApacheLogin（selectTWiki:

:

Client:

:

ApacheLogininconfigure）

UsingthismethodTWikidoesnotauthenticateusersinternally.InsteaditdependsontheREMOTE_USERenvironmentvariable,whichissetwhenyouenableauthenticationinthewebserver.

TheadvantageofthisschemeisthatifyouhaveanexistingwebsiteauthenticationschemeusingApachemodulessuchasmod_auth_ldapormod_auth_mysqlyoucanjustplugindirectlytothem.

Thedisadvantageisthatbecausetheuseridentityiscachedinthebrowser,youcanlogin,butyoucan'tlogoutagainunlessyourestartthebrowser.

TWikimapstheREMOTE_USERthatwasusedtologintothewebservertoaWikiNameusingthetableinTWikiUsers.Thistableisupdatedwheneverauserregisters,souserscanchoosenottoregister（inwhichcasetheirwebserverloginnameisusedfortheirsignature）orregister（inwhichcasethatloginnameismappedtotheirWikiName）.

Thesameprivate.htpasswdfileusedinTWikiTemplateLogincanbeusedtoauthenticateApacheusers,usingtheApacheBasicAuthenticationsupport.

Warning:

DonotusetheApachehtpasswdprogramwith.htpasswdfilesgeneratedbyTWiki!

htpasswdwipesoutemailaddressesthatTWikiplantsintheinfofieldsofthisfile.

EnablingApacheLoginusingmod_auth

YoucanuseanyotherApacheauthenticationmodulethatsetsREMOTE_USER.

1.UseconfiguretoselecttheTWiki:

:

Client:

:

ApacheLoginloginmanager.

2.UseconfiguretosetupTWikitocreatetherightkindof.htpasswdentries.

3.Createa.htaccessfileinthetwiki/bindirectory.

Thereisantemplateforthisfileintwiki/bin/.htaccess.txtthatyoucancopyandchange.Thecommentsinthefileexplainwhatneedtobedone.

Ifyougotitright,thebrowsershouldnowaskforloginnameandpasswordwhenyouclickontheEdit.If.htaccessdoesnothavethedesiredeffect,youmayneedto"AllowOverrideAll"forthedirectoryinhttpd.conf（ifyouhaverootaccess;otherwise,e-mailwebserversupport）

AtthistimeTWikiAccessControlsdonotcontrolaccesstofilesinthepubarea,unlesstheyareonlyaccessedthroughtheviewfilescript.Ifyourpubdirectoryissetuptoallowopenaccessyoumaywanttoadd.htaccessfilesinthereaswelltorestrictaccess

4.YoucancreateacustomversionofTWikiRegistrationbydeletingoraddinginputtags.Thename=""parameteroftheinputtagsmuststartwith:

"Twk0..."（ifthisisanoptionalentry）,or"Twk1..."（ifthisisarequiredentry）.Thisensuresthatthefieldsarecarriedoverintotheuserhomepagecorrectly.

YoucancustomizethedefaultuserhomepageinNewUserTemplate.Thesamevariablesgetexpandedasinthetemplatetopics

5.RegisteryourselfintheTWikiRegistrationtopic.

Checkthatanewlinewiththeusernameandencryptedpasswordisaddedtothe.htpasswdfile.Ifnot,youmayhavegotapathwrong,orthepermissionsmaynotallowthewebser