When you use HTTP authentication to restrict read access edits are signed using the HTTP username, instead of the WikiName. From reading the code I believe that this is feature and not a bug. I would like to check in code adding a preference to force use of the TwikiName even when there exists an HTTP username. The relevant code is in TWiki.pm in the routine initializeRemoteUser. In this code $theRemoteUser is the HTTP username and $rememberedUser is the WikiName:

  if( $theRemoteUser ) {
        if( $theRemoteUser ne $rememberedUser ) {
# This code replaces the WikiName with HTTP user name
            $AddrToName{ $remoteAddr } = $theRemoteUser;
# ...snip
        }
    }

The purpose of that code is to update remoteusers.txt, which maps user names to IP addresses. When you are using password authentication instead of IP authentication it seems to do nothing useful, so a patch to check a preference before doing "$AddrToName{ $remoteAddr } = $theRemoteUser" shouldn't do any harm. I have tested a version of the patch and did not find any new bugs.

What is the protocol for checking in a fix? I need this fairly quickly, know how to do it, and have the time to do it, so I'd rather not just leave it as a feature request for someone else to implement.

-- LucasGonze - 18 Jun 2002

What we (non-core developers) do is that we just provide a patch (diff -c output) against the last stable revision as attachement in this topic, and of course use it locally in our own sites.

I find it useful to have a comment in my added code with a version number, so that people know if they must upgrade the patch if you provide better versions at a later date...

I guess another TopicClassification item should be added, like ProposedPatch ?

-- ColasNahaboo - 19 Jun 2002