SID-01318: How do I disable use of the HTTP Authenticated user?
| Status: | Unanswered | TWiki version: | 5.1.0 | Perl version: | v5.10.0 |
| Category: | CategoryAccessControl | Server OS: | openSUSE 11.0 (X86-64) | Last update: | 13 years ago |
My server is protected by HTTP basic security. I can log in to the server with no problem. However, when I access any of the TWiki pages, I am already logged in as the Apache user.
I recently upgraded from 4.x to 5.1.0 and I think (hope) that I followed the instructions properly to move the files to the new version.
- configure shows no errors and I see nothing in log201111.txt or warn201111.txt indicating a problem.
- TWiki::LoginManager::TemplateLogin is enabled.
- AllowLoginName is disabled.
- TWiki::Users::HtPasswdUser is enabled.
I have deleted all of the cookies. I normally use Firefox, but have tried it with Internet Explorer, with the same behaviour.
All of the files and directories under pub and data are owned by the web server user and are writeable.
I am really at a loss where to look next.
--
JamesMohr - 2011-11-03
Discussion and Answer
If I understand correctly, your users are faced with double auth, Apache login and template login. Use only one or the other. For Apache login use TWiki::LoginManager::ApacheLogin instead of TWiki::LoginManager::TemplateLogin.
--
PeterThoeny - 2011-11-03
Thank you very much for your quick reply.
The problem is that I am not being asked to log into TWiki. Instead, as soon as I have logged in through Apache I am connected to the TWiki as that user. I have other things on this site that I want protected, which is why I use the Apache login. However, I do not want everyone to have access to the TWiki, so I want people to log in to the TWiki.
In a nutshell, I want TWiki to completely ignore the fact that there is HTTP basic authentication and use the TemplateLogin. The thing is that it worked exactly the way I wanted in 4.x. It stopped working the way I wanted when I upgraded to 5.1.0.
--
JamesMohr - 2011-11-04
This is an Apache configuration question. Each directory can be configured for access. Configure the html doc root for apache auth (for your other content), define a separate directory for twiki/bin and twiki/pub where you do not use apache auth, and on the TWiki level configure for template auth.
--
PeterThoeny - 2011-11-04
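The directory layout suggested in the reply above, sketched as an Apache configuration. This is an added example, not part of the original thread or of the TWiki distribution; the file system paths, realm name and password file are assumptions, and the syntax is for Apache 2.4.

```apache
# Added example. All paths, the realm name and the password file are
# assumed values; adjust them to the actual installation.
# Apache 2.4 syntax. Apache 2.2 expressed the "no authentication" case
# with "Allow from all" plus "Satisfy Any" instead of "Require all granted".

# Other site content: protected by HTTP basic authentication.
<Directory "/srv/www/htdocs">
    AuthType Basic
    AuthName "Intranet"
    AuthUserFile "/etc/apache2/htpasswd.site"
    Require valid-user
</Directory>

# TWiki is kept outside the protected document root and exposed only
# through these two URL paths.
ScriptAlias /twiki/bin "/srv/www/twiki/bin"
Alias       /twiki/pub "/srv/www/twiki/pub"

<Directory "/srv/www/twiki/bin">
    # No Apache authentication is performed for the TWiki scripts, so the
    # CGI variable REMOTE_USER is not set and TWiki receives no web server
    # user. With TWiki::LoginManager::TemplateLogin enabled in configure,
    # the TWiki login form is the only login for these URLs.
    Require all granted
</Directory>

<Directory "/srv/www/twiki/pub">
    # Attachments under pub are served by Apache directly, not through
    # the TWiki scripts, so the TWiki login does not apply to them.
    # Without Apache authentication here they are readable by anyone who
    # can reach the server.
    Options -Indexes
    Require all granted
</Directory>
```

With this layout the basic authentication protecting the rest of the site no longer gates access to TWiki, so the TWiki login and TWiki access control settings are the only protection for wiki content.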
The big thing is that it worked the way I wanted in 4.3, since I didn't change the Apache configuration I have a hard time seeing it as an "Apache configuration question".
Everything under the document root was and is protected by the HTTP basic authentication, so I could not and cannot even access the TWiki without first authenticating with Apache. Previously, once I got to the TWiki pages, I had to log in to the TWiki in order to edit files or even access certain twikis (i.e. two separate logins). This is no longer the case. The necessity of having a "separate directory" where I "do not use apache auth" is not how it worked in 4.3.
Now, once I authenticate with Apache, TWiki already sees me as the Apache user. For example, in the topbar menu "Account" is my Apache account name and any file I edit has my Apache user in the history. Since TWiki is reacting to the Apache user and the Apache config was not changed, I do not see where the problem lies with Apache. From my perspective I have told TWiki NOT to use the Apache authentication because I said to use TemplateLogin. However, TWiki is not listening and deciding to use the Apache authentication anyway.
--
JamesMohr - 2011-11-07
Now I understand your use case. It is kind of unusual, first time I see this. Not sure what changed in TWiki to behave differently. If you are a developer I invite you to investigate and debug. You could also hire a consultant to do that for you.
--
PeterThoeny - 2011-11-08
Has there been any resolution to this issue? I'm facing the same problem at my company and would like to have TWiki completely ignore basic HTTP authentication if I don't ask it to. I've installed the OpenID plugin, but it never gets to it.
--
AbhiramAlamuru - 2012-01-13
Closing this question after more than 30 days of inactivity. Feel free to reopen if needed. Consider engaging one of the TWiki consultants if you need timely help. We invite you to get involved with the community, it is more likely you get community support if you support the open source project!
--
PeterThoeny - 2012-07-01