How does a user or administrator change TWiki passwords?

They should be changed periodically, or (as I'm currently experiencing) a user may forget the password.

• TWiki version: 1.11
• Web server: Apache 1.3.x
• Server OS: Solaris

-- RalphBroom - 17 Jan 2001

Answer This is a problem that anybody will have sooner or later when running Twiki. After I received several calls for password reset (which meant running through the entire procedure of deleting a line in .htpasswd, deleting the users Main. topic and asking the user to register again ... ) I wrote my own ResetPassword and ChangePassword extension to Twiki. Even if I am very sure that somebody else already did that job I'd like to give you my solution.

It consists of

You can find those files attached.

Note: This was my very first perl experience - I did it more or less using cut & paste from the original Twiki scripts - and it was my first CGI as well - so any enhancements are welcome - please let me know ...

-- KlausWriessnegger - 22 Jan 2001

Thanks Klaus for the contribution. I copied this topic over from the Support web. It will go into the TWiki core with some modifications.

-- PeterThoeny - 10 Feb 2001

Hi, is password handling also MD5 passwords? (I am getting a "wrong old password" error).

-- AndreaSterbini - 10 Feb 2001

Thanks for the password changes! You'll find my version at http://ftp.codemeta.com/netkits/TWiki20001201.password.tgz - it ensures that the authenticated user is allowed to change the user's page.

Sorry for the code fork, but I'm still getting the hang of TWiki, so thought I'd notify you via TWiki instead of email.

-- BruceDawson - 24 Feb 2001

Make "the program to call to generate/change passwords" a TWiki.cfg variable. I believe it changes from platform to platform and from webserver to webserver.

-- DavidLeBlanc - 11 Mar 2001

I have committed to alpha this implementation of Reset/Change Passwords (Thanks, Klaus!!!).

I have also written a similar script to do password installation. For a (not functioning) example see InstallPassword .

TODO: TWikiRenameUser

-- AndreaSterbini - 29 May 2001

I was just checking the MD5 ness of the above - it appears that it can't do it. Here's the code extract we use on our NT installation:

# Changes below by Main.TristanClarke, 13Mar01
# for storing MD5 encrypted passwords. See sub htpasswdGeneratePasswd
use MIME::Base64;  # http://www.cpan.org/modules/by-module/MIME/
use Digest::SHA1;  # http://www.cpan.org/modules/by-module/MD5/

sub htpasswdGeneratePasswd
{
    my ( $user, $passwd ) = @_;

    # Changed by Main.TristanClarke to store MD5 encrypted passwords as outlined at http://twiki.org/cgi-bin/view/Codev/ApachePasswords
    return $user."\:{SHA}".encode_base64( Digest::SHA1::sha1($passwd) ); 

    # the rest of this sub commented out.
    # by David Levy, Internet Channel, 1997
    # found at http://world.inch.com/Scripts/htpasswd.pl.html
    ...
}

If wanted, it needs applying to the passwd script and could be optional configured in using a variable in TWiki.cfg

-- MartinCleaver - 18 Jun 2001

Due to changes in TWiki libraries (wiki->TWiki) I've updated the files "ChangePassword.txt" and "passwd". Now it work with the stable TWikiRelease01Dec2001 and hopefully also with the upcoming BeijingRelease .

-- AndreUlrich - 14 Sep 2002

Hi. If you are going to do some work on these scripts, it would be good if you can fix HtPasswordCodeDuplication

Thanks, Martin.

-- MartinCleaver - 15 Sep 2002

Hi, packing all this stuff, like you mentioned on CodevDocumentationProject, in one library is reasonable. As I looked at the source, I realized that ChangePassword is already integrated in the TWikiRelease01Dec2001. So my work was redundant:( Maybe this Topic should be closed or marked as implemented?

I´m not sure if I have the time to do it before Beijing, but I try. Can someone tell me, where the current TWiki source is?

• See TWikiAlphaRelease. -- MattWilkie

-- AndreUlrich - 19 Sep 2002