Question

I have been unable to keep a separate login for Apache 2 (for general access to TWiki content) and TWiki (for fine-grained access).

For example, I have a user 'twiki' that must be authenticated by Apache before having access to TWiki content. Once I have gained access I then want to login as 'ChrisPurves', but TWiki will only recognise me as user 'twiki'.

Environment

-- ChrisPurves - 27 Mar 2006

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

With the current code, you can't have separate logins. As soon as TWiki gets a user name from Apache, it considers the session "authenticated" - so it wouldn't ask for another login.

The reason is in Client.pm, around line 202:

    # if we couldn't get the login manager or the http session to tell
    # us who the user is, then let's use the CGI "remote user"
    # variable (which may have been set manually by a unit test,
    # or it might have come from Apache).
    $authUser ||= $twiki->{remoteUser};

You might want to comment out the last line here (though I can't say for sure that this is sufficient). And, of course, you need to enable UseClientSessions and TemplateLogin in /bin/configure, so that your TWiki login is activated.

-- HaraldJoerg - 27 Mar 2006

Works like a charm. Thanks.

-- ChrisPurves - 29 Mar 2006