Tags:
create new tag
view all tags

Question

Hi,

For my wiki installation, I need to restrict access to members of my company's engineering group. To do this, I've set up /twiki/bin/.htaccess to authenticate against external htpasswd and htgroups files that are maintained by our IT group. This is working fine, and access is properly restricted.

The problem that I'm running into is that a user that passes Apache's authentication, but has not registered with TWiki, is still allowed to edit pages (and their username shows up in the history as their login name).

The behavior that I really want is:

  • Anyone that Apache authenticates is allowed to view the wiki
  • Only registered wiki users are allowed to edit. If login to WikiName mapping fails, they are prompted to register through the normal TWikiRegistration mechanism.

Is this possible without hacking the code? If not, how much hacking are we talking?

Thanks, Greg

Environment

TWiki version: TWikiRelease02Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS:  
Web server: Apache 1.3
Perl version:  
Client OS:  
Web Browser:  
Categories: Authentication

-- GregSpurrier - 07 Dec 2004

Answer

This is not supported out of the box. But can be done with some coding. See GroupWithAllUsers and DefaultGroup.

-- PeterThoeny - 07 Dec 2004

FWIW, before I saw the reply from PeterThoeny, I made a hack to the view script to enforce a more rigid policy: registration is required to view and to edit, but the user is automatically redirected to the registration page if they have not previously registered: 

#
# In order to keep everything kosher, we want to force users to 
# have a TWiki account.  If the Unix login to WikiName mapping fails
# then $TWiki:wikiName will be the same as the remove user name.
# If this happens, redirect to the registration page.
#
#
if($TWiki::wikiName eq $theRemoteUser &&
   !($thePathInfo =~ /TWikiRegistration/)) {
    TWiki::redirect( $query, '<server_name>' . '/twiki/bin/view/TWiki/TWikiRegistration');
} 
else {
    TWiki::UI::View::view( $webName, $topic, $userName, $query );
}

I should probably also construct the URL for the redirect, rather than hard-coding it, but you get the idea...

I'll give Peter's suggestion a try, too.

-- GregSpurrier - 07 Dec 2004

WebForm
SupportStatus AnsweredQuestions
Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2005-02-02 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.