Question

The TWikiUserAuthentication topic describes an authentication type called "No login to view; require login to edit" and then goes on to say that step by step instructions are given in TWikiInstallationGuide. I have read the guide and can only find instructions for "Require login to view and edit", which is Basic Authentication. Where are the instructions for the other authentication types? I have spent hours searching, please point me in the right direction. Thank you.

Environment

-- JayMartel - 15 Apr 2005

Answer

Basically, what I am looking for is a way to let anyone view the site, but if they want to edit they have to create a TWiki login and then they can do anything they want. I never want to deal with adding users myself. By the way, this is for an internal corporate web, so we will not have to worry about TWiki spam.

-- JayMartel - 15 Apr 2005

The topic TWikiInstallationGuide should address how to set this up - basically, you tell Apache to allow the unauthenticated ability to run the view.cgi script, but require that Apache authenticate the user once they attempt to run the other scripts. See the section TWikiInstallationGuide.

Now, it needs to be said that this will not always work especially if your corp has a single source for authenticating employees. For example, we use LDAP as a corp-wide tool for authenticating people. When Apache asks for the credentials, we happily login and are able to edit TWiki but without actually having registered first! We "fixed" this by applying a small patch to edit.cgi and require that edit.cgi check to see if the person has a TWiki hometopic. If they haven't registered then the code tries to find a topic of the form "corporateid" which is definitely a non-wiki name, the lookup fails, and the person is directed to go register first. It does take a patch and I am sure we have violated numerous TWiki codes of conduct, but the patch is well documented in our change logs.

-- SteveRJones - 05 May 2005

Steve, I am interested in your patch, as I want to do the very same thing. I have modified the ApplicationAuthenticationAddOn to use LDAP.

I am NOT using APACHE basic auth tho, but application level Authentication, as I am the Corp Accessibility advisory team, I need to have login forms that are size/font/color adjustable, which the Basic auth prompt is not.

I want to hook all cgi's that allow change, and put in the patch.

-- SamDetweiler - 06 May 2005

Jay,

I too found the same lack of information in the Install guide. These instructions 'Assume' one wants to use the web server mechanisms, AND that YOU understand the nuances of this. (which I didn't/don't).. I have the basic auth (web server) working with LDAP to my corp directory, but this leaves the two directories out of synch (twiki and corp).. In my cases everyone that has a valid corp id is 'registered' already, I just want to track changes, and later on add access control to changes as well, and then 'maybe' control access to topics.. altho the intent of this twiki is to get collaboration.

-- SamDetweiler - 06 May 2005