Many TWiki users type in their operating system user name, e.g. rdonkin, instead of the Wiki name, e.g. RichardDonkin. This is so frequent I've changed the realm setting in the Apache .htaccess to remind people, but it makes little difference.
One solution is the IE5/IE6 or Mozilla features for remembering passwords, or other schemes for passwordless authentication as discussed in
ForgettingPasswords. However, there's a much simpler solution that is not very well documented, and is best applied
when you first deploy TWiki:
- Update the registration form to include
remoteUser
(i.e. the rdonkin
format name)
- Update
register
to add this near the existing call to htpasswdAddUser
:
htpasswdAddUser( htpasswdGeneratePasswd( $remoteUserName, $passwordA ) );
If you do this early,
all entries in the TWiki
htpasswd
file will be of the form 'rdonkin', and all entries in
TWikiUsers will look like this:
The result is that users can simply login as 'rdonkin' from day one, and not need to type their full
WikiName.
If you want to convert an existing TWiki site, you'd need to edit the
TWikiUsers page and also convert
htpasswd
- probably it's best to duplicate the existing entries so people can use the
WikiName format as well as the 'simple' format, but then you would have hassles with resetting passwords on both entries (see
ForgettingPasswords).
Note that I have only tested this slightly, but it did seem to work as a one-off. I used this in a DHCP environment (i.e. where my laptop's IP address changes daily) without problems.
Related pages:
Corrections and comments are welcome!
--
RichardDonkin - 09 Feb 2002
I've done three things to try to address this issue:
1. Added a note to my
TWikiRegistration which reads:
Your TWiki user name (or WikiName) is unrelated to your (company name here) email name. It is used to legibly identify yourself, so it is not just a login or a "handle".
(I also had a couple people who tried to use cryptic handles.)
2. Added a line to
oopsauth.tmpl
(which is shown when a login fails):
- Did you try to log in using your (company name here) email name? Use your WikiName instead.
3. Edited
bin/.htaccess
so that the login prompt contains a reminder:
AuthName "Log in using your WikiName"
--
JonReid - 11 Feb 2002
I've done all the same things you have, and unfortunately it makes little difference. Good point about the cryptic handles, people tend to want to use these...
I think the simplest approach is just to let people use their normal Unix or Windows login name, since they already use those for everything else. TWiki does support this, it's just that it took me about a year including some reading of code to realise this was possible! Definitely needs adding to the
TWikiDocumentation.
--
RichardDonkin - 12 Feb 2002
Since we have a complete authentication architecture at our company, and everybody is used to using login names, I tweaked TWiki.pm so that it would render %MAINWEB%.username automatically, and made all scripts authenticating.
See
UseLoginNames for how I did it.
--
WoutMertens - 21 Jul 2002
I'd no idea this has had a solution for 4 years. My users repeatedly tell me that they try logging in as their commonly used handle or their email address.
Perhaps this can be scheduled for Dakar?
--
MartinCleaver - 21 Aug 2004
i thought the shortname scheme was removed because of security issues.
--
WillNorris - 22 Aug 2004
If someone could provide details as to the security issues, I would much appreciate it. I am so far convinced that we should
StopUsingWikiNamesAsLoginNames.
--
MartinCleaver - 11 Oct 2004