I have a system on which I've installed 3 instances of TWiki, but its Apache uses mod_auth_mysql instead of .htpasswd to authorize 'logging in'. It would be very nice if TWiki allowed the flexibility to specify where password information is written to and read from instead of being hard coded to use .htpasswd.
-- TaitCyrus - 17 Feb 2004
I am in the same boat. I use mod_auth_mysql to do user authentication off a user table used by another pre-existing web forum package. I have more or less done-away with the TWikiRegistration system because of several problems I ran into. Most notably, using the forum usernames as wikinames (most of which were not valid WikiWords) wreaks havoc on the regex in the TWikiRegistration script designed to sort usernames. My solution is utterly barbaric: if users want a homepage, they can add it themselves. It works ok for the time being but is certainly far from ideal. I'm really curious what TaitCyrus's system is like. 
(Doh! Just read up on it...)
Moving the authentication, add user, change password, etc. type functions one abstraction layer further out would make all the difference in deployment in non-.htaccess situations. The current "do you own f'in auth" or "do .htpasswd auth" is way too restrictive, IMHO. I'm an assembly/C programmer, not a perl coder (well, so far) so I can't hack this one in.
-- DavidBlundell - 17 Feb 2004
This is a work in progress right now. SvenDowideit has been making progress in extracting user-enumeration/authentication into a separate module (UserDotPm) that will be configurable to use one of a number of different 'implementation' submodules. Currently there's only one (for the existing .htpasswd mechanism), but hopefully once these changes are complete other people will be able to write add-ons that do authentication in other ways. We may even add other authentication methods directly into the core code, but they'll have to be optional, because part of the TWikiMission is keeping prerequisites to a minimum. I don't know what the plan is here, really.
-- WalterMundt - 18 Feb 2004
Yep
my plan is to have backends for each of the different systems people wnat to use
If either Tait / David want to send me the code and configuration changes that they did I will look to integrating it into CairoRelease :). The only other authenticaton mechanism that I am intending to do (without help from others) is for NT (prefferably for IIS, Win2003 and either ActiveStatePerl, or the Perl from UnixServicesForWindows.
-- SvenDowideit - 18 Feb 2004
Sven, I assume you are refering to ConfigurablePasswordFileHandling. Is there anything else listed on TWikiAuthenticationDev that you are going to incorperate? What about LDAP or NTLM?
-- SamHasler - 18 Feb 2004
Sven, I'd be happy to try to finish up and try to make the code chages I've done more sane and sanitary. However, I am relatively new to TWiki, and I know there are a lot of politics. I essentially disabled the entire TWiki registration system and edited the oopsreg templates, etc. to point to the existing forum's registration. This is apparently somewhat controversial because I now have 2000 users with non-wikiword usernames. This breaks the TWikiRegistration script BADLY, even with it modified to add stuff to the database not the .htpasswd file. My "fix" to this is a nasty perl script that automatically follows through the TWikiRegistration process for all users in my mysql auth table. Before I'd consider sharing this / making a new bin/register.mysql script, I need to fix a regex in bin/register that breaks horridly in the event of non-WikWord usernames, causing the imported usernames to not be at all sorted. I wish I knew perl better. Sigh. So, what I can offer is a bin/register.mysql-md5 perl script to replace bin/register, and a perl script for doing a quick+dirty import of existing users into the TWikiUsers page. If you really are interested in code this shoddy, I'm down to clean it up and fix the broken regex. I think Tait (in a roundabound but much more elegant way) implemented a much cleaner version of this with his DatabasePlugin. The first thing I thought of was auth when I saw it...
-- DavidBlundell - 18 Feb 2004
I know nothing about LDAP, but from what I read around on codev, all you need for authaurisation is to edit the htaccess file. I am thinking about dealing with pre-registration, and pre-existing users (without TWikiPages and with), but that was all i was planning on doing by myself
I will probably try win2003 IIS, and NT users, just for fun, but i have never (and don't really want to..) run apache under NT.. so if you want it, send me patches. Same goes for anything else that you want to go in.
David - I'd love you to finish the work (and prefferably using the new er cvs version of twiki 
but it would be interesting to see a preliminary diff, so I have some idea of where you are going (and what i need to think about that i have to think about). the biggest worry for me is testing
-- SvenDowideit - 19 Feb 2004
Ok... I'll try to clean up my scripts. Knowing that you're going to try to make them work for a lot of other stuff, I'm going to try to rewrite them to be very modular. One issue with making TWiki work with existing username structures (be it mysql/LDAP/postgres/... ... ...) is the non-WikiWord username. The only piece of TWikiRegistration that this affects highly is the automatic maintenance of the TWikiUsers topic and the creation of an individual topic for each user. Is this non-WikiWord user functionality something that I should try to write code for, or is it breaking the spirit of TWiki too much? I'm a newbie here and the last thing I want to do is upset one of the more important developers by writing code deemed to be ideologically hostile.
It would also be nice to look over any documentation (if it exists outside of comments within the code) relating to the registration system. So far, I have just read the code and attempted to decypher what the original script does... A list of functions the registration scripts need to perform would certainly simplify the task.
Please guide my developement efforts. I'm glad to help out where I can. Realize I'm a C/PHP/Assembly programmer not a perl programmer, so my progress will be slow.
-- DavidBlundell - 19 Feb 2004
I had to deal with non-WikiWord usernames on my wiki as well. I wasn't using any extra authentication mechanisms, but there was overwhelming demand to allow people to use their existing "handles" because this wiki was affiliated with a forum. I never did fix the register script to sort TWikiUsers properly, but that wasn't a big issue - TWiki still works fine if that topic is a mishmash. All that was really necessary was to force it to blindly accept anything alphanumeric. Perhaps I'll fix it up right and put together a semi-official FeatureHack for allowing non-WikiWord usernames independent of any external authentication. I don't think it should really be a core-code capability unless it's absolutely essential; WikiWord usernames are a very good thing just for convenience, and I like the idea of encouraging people to user their real names.
However, because this results in non-WW topics for users, a number of other changes are very helpful:
(Doh! Just read up on it...)
Moving the authentication, add user, change password, etc. type functions one abstraction layer further out would make all the difference in deployment in non-.htaccess situations. The current "do you own f'in auth" or "do .htpasswd auth" is way too restrictive, IMHO. I'm an assembly/C programmer, not a perl coder (well, so far) so I can't hack this one in.
-- DavidBlundell - 17 Feb 2004
This is a work in progress right now. SvenDowideit has been making progress in extracting user-enumeration/authentication into a separate module (UserDotPm) that will be configurable to use one of a number of different 'implementation' submodules. Currently there's only one (for the existing .htpasswd mechanism), but hopefully once these changes are complete other people will be able to write add-ons that do authentication in other ways. We may even add other authentication methods directly into the core code, but they'll have to be optional, because part of the TWikiMission is keeping prerequisites to a minimum. I don't know what the plan is here, really.
-- WalterMundt - 18 Feb 2004
Yep
my plan is to have backends for each of the different systems people wnat to use
If either Tait / David want to send me the code and configuration changes that they did I will look to integrating it into CairoRelease :). The only other authenticaton mechanism that I am intending to do (without help from others) is for NT (prefferably for IIS, Win2003 and either ActiveStatePerl, or the Perl from UnixServicesForWindows.
-- SvenDowideit - 18 Feb 2004
Sven, I assume you are refering to ConfigurablePasswordFileHandling. Is there anything else listed on TWikiAuthenticationDev that you are going to incorperate? What about LDAP or NTLM?
-- SamHasler - 18 Feb 2004
Sven, I'd be happy to try to finish up and try to make the code chages I've done more sane and sanitary. However, I am relatively new to TWiki, and I know there are a lot of politics. I essentially disabled the entire TWiki registration system and edited the oopsreg templates, etc. to point to the existing forum's registration. This is apparently somewhat controversial because I now have 2000 users with non-wikiword usernames. This breaks the TWikiRegistration script BADLY, even with it modified to add stuff to the database not the .htpasswd file. My "fix" to this is a nasty perl script that automatically follows through the TWikiRegistration process for all users in my mysql auth table. Before I'd consider sharing this / making a new bin/register.mysql script, I need to fix a regex in bin/register that breaks horridly in the event of non-WikWord usernames, causing the imported usernames to not be at all sorted. I wish I knew perl better. Sigh. So, what I can offer is a bin/register.mysql-md5 perl script to replace bin/register, and a perl script for doing a quick+dirty import of existing users into the TWikiUsers page. If you really are interested in code this shoddy, I'm down to clean it up and fix the broken regex. I think Tait (in a roundabound but much more elegant way) implemented a much cleaner version of this with his DatabasePlugin. The first thing I thought of was auth when I saw it...
-- DavidBlundell - 18 Feb 2004
I know nothing about LDAP, but from what I read around on codev, all you need for authaurisation is to edit the htaccess file. I am thinking about dealing with pre-registration, and pre-existing users (without TWikiPages and with), but that was all i was planning on doing by myself
I will probably try win2003 IIS, and NT users, just for fun, but i have never (and don't really want to..) run apache under NT.. so if you want it, send me patches. Same goes for anything else that you want to go in.
David - I'd love you to finish the work (and prefferably using the new er cvs version of twiki but it would be interesting to see a preliminary diff, so I have some idea of where you are going (and what i need to think about that i have to think about). the biggest worry for me is testing
-- SvenDowideit - 19 Feb 2004
Ok... I'll try to clean up my scripts. Knowing that you're going to try to make them work for a lot of other stuff, I'm going to try to rewrite them to be very modular. One issue with making TWiki work with existing username structures (be it mysql/LDAP/postgres/... ... ...) is the non-WikiWord username. The only piece of TWikiRegistration that this affects highly is the automatic maintenance of the TWikiUsers topic and the creation of an individual topic for each user. Is this non-WikiWord user functionality something that I should try to write code for, or is it breaking the spirit of TWiki too much? I'm a newbie here and the last thing I want to do is upset one of the more important developers by writing code deemed to be ideologically hostile.
It would also be nice to look over any documentation (if it exists outside of comments within the code) relating to the registration system. So far, I have just read the code and attempted to decypher what the original script does... A list of functions the registration scripts need to perform would certainly simplify the task.
Please guide my developement efforts. I'm glad to help out where I can. Realize I'm a C/PHP/Assembly programmer not a perl programmer, so my progress will be slow.
-- DavidBlundell - 19 Feb 2004
I had to deal with non-WikiWord usernames on my wiki as well. I wasn't using any extra authentication mechanisms, but there was overwhelming demand to allow people to use their existing "handles" because this wiki was affiliated with a forum. I never did fix the register script to sort TWikiUsers properly, but that wasn't a big issue - TWiki still works fine if that topic is a mishmash. All that was really necessary was to force it to blindly accept anything alphanumeric. Perhaps I'll fix it up right and put together a semi-official FeatureHack for allowing non-WikiWord usernames independent of any external authentication. I don't think it should really be a core-code capability unless it's absolutely essential; WikiWord usernames are a very good thing just for convenience, and I like the idea of encouraging people to user their real names.
However, because this results in non-WW topics for users, a number of other changes are very helpful: - Change the signature in the edit template to use
[[forced linking]] - Adjust the statistics script to force-link usernames in the contributor lists.
- Change the login prompt in
bin/.htaccess
Topic revision: r10 - 2004-02-20 - SvenDowideit
Site map
Blog web
Create New Topic
Index
Search
Advanced search
My topics of interest
Changes
Major changes only
All tags
Notifications
RSS Feed
Statistics
Preferences
Community 
Readme first
Developers News
How you can help
Community roles
#twiki IRC
Lima Release
Feature Proposals
Bugs Changes
Categories 
Account 
Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.