Many TWiki users type in their operating system user name, e.g. rdonkin, instead of the Wiki name, e.g. RichardDonkin. This is so frequent I've changed the realm setting in the Apache .htaccess to remind people, but it makes little difference.

One solution is the IE5/IE6 or Mozilla features for remembering passwords, or other schemes for passwordless authentication as discussed in ForgettingPasswords. However, there's a much simpler solution that is not very well documented, and is best applied when you first deploy TWiki:

• Update the registration form to include remoteUser (i.e. the rdonkin format name)
• Update register to add this near the existing call to htpasswdAddUser:

   htpasswdAddUser( htpasswdGeneratePasswd( $remoteUserName, $passwordA ) );

If you do this early, all entries in the TWiki htpasswd file will be of the form 'rdonkin', and all entries in TWikiUsers will look like this:

• RichardDonkin - rdonkin - 03 Dec 2000

The result is that users can simply login as 'rdonkin' from day one, and not need to type their full WikiName.

If you want to convert an existing TWiki site, you'd need to edit the TWikiUsers page and also convert htpasswd - probably it's best to duplicate the existing entries so people can use the WikiName format as well as the 'simple' format, but then you would have hassles with resetting passwords on both entries (see ForgettingPasswords).

Note that I have only tested this slightly, but it did seem to work as a one-off. I used this in a DHCP environment (i.e. where my laptop's IP address changes daily) without problems.

Related pages:

• ForgettingPasswords - ways to avoid this, and links to authentication-related pages

Corrections and comments are welcome!

-- RichardDonkin - 09 Feb 2002

---

I've done three things to try to address this issue:

1. Added a note to my TWikiRegistration which reads:

Your TWiki user name (or WikiName) is unrelated to your (company name here) email name. It is used to legibly identify yourself, so it is not just a login or a "handle".

(I also had a couple people who tried to use cryptic handles.)

2. Added a line to oopsauth.tmpl (which is shown when a login fails):

• Did you try to log in using your (company name here) email name? Use your WikiName instead.

3. Edited bin/.htaccess so that the login prompt contains a reminder:

AuthName "Log in using your WikiName"

-- JonReid - 11 Feb 2002

I've done all the same things you have, and unfortunately it makes little difference. Good point about the cryptic handles, people tend to want to use these...

I think the simplest approach is just to let people use their normal Unix or Windows login name, since they already use those for everything else. TWiki does support this, it's just that it took me about a year including some reading of code to realise this was possible! Definitely needs adding to the TWikiDocumentation.

-- RichardDonkin - 12 Feb 2002

Since we have a complete authentication architecture at our company, and everybody is used to using login names, I tweaked TWiki.pm so that it would render %MAINWEB%.username automatically, and made all scripts authenticating.

See UseLoginNames for how I did it.

-- WoutMertens - 21 Jul 2002

I'd no idea this has had a solution for 4 years. My users repeatedly tell me that they try logging in as their commonly used handle or their email address.

Perhaps this can be scheduled for Dakar?

-- MartinCleaver - 21 Aug 2004

i thought the shortname scheme was removed because of security issues.

-- WillNorris - 22 Aug 2004

If someone could provide details as to the security issues, I would much appreciate it. I am so far convinced that we should StopUsingWikiNamesAsLoginNames.

-- MartinCleaver - 11 Oct 2004