Tags:
archive_me1Add my vote for this tag create new tag
, view all tags
Question

How does a user or administrator change TWiki passwords?

They should be changed periodically, or (as I'm currently experiencing) a user may forget the password.

  • TWiki version: 1.11
  • Web server: Apache 1.3.x
  • Server OS: Solaris

-- RalphBroom - 17 Jan 2001

Answer This is a problem that anybody will have sooner or later when running Twiki. After I received several calls for password reset (which meant running through the entire procedure of deleting a line in .htpasswd, deleting the users Main. topic and asking the user to register again ... ) I wrote my own ResetPassword and ChangePassword extension to Twiki. Even if I am very sure that somebody else already did that job I'd like to give you my solution.

It consists of

twiki/bin/passwd perl script to deal with change and reset of password
twiki/data/Main/ChangePassword.txt the topic in Main web for change password
twiki/data/Main/ResetPassword.txt the topic in Main web for reset password
twiki/templates/oopsnotwikiuser.tmpl a oops form telling the user that he mistyped(?) his name
twiki/templates/oopswrongpassword.tmpl a form telling the user that he mistyped his ol password
twiki/templates/oopschangepasswd.tmpl a form telling the user that change of password succeeded
twiki/templates/oopsresetpasswd.tmpl a form telling the user how to proceed to get his password reset

You can find those files attached.

Note: This was my very first perl experience - I did it more or less using cut & paste from the original Twiki scripts - and it was my first CGI as well - so any enhancements are welcome - please let me know ...

-- KlausWriessnegger - 22 Jan 2001

Thanks Klaus for the contribution. I copied this topic over from the Support web. It will go into the TWiki core with some modifications.

-- PeterThoeny - 10 Feb 2001

Hi, is password handling also MD5 passwords? (I am getting a "wrong old password" error).

-- AndreaSterbini - 10 Feb 2001

Thanks for the password changes! You'll find my version at http://ftp.codemeta.com/netkits/TWiki20001201.password.tgz - it ensures that the authenticated user is allowed to change the user's page.

Sorry for the code fork, but I'm still getting the hang of TWiki, so thought I'd notify you via TWiki instead of email.

-- BruceDawson - 24 Feb 2001

Make "the program to call to generate/change passwords" a TWiki.cfg variable. I believe it changes from platform to platform and from webserver to webserver.

-- DavidLeBlanc - 11 Mar 2001

I have committed to alpha this implementation of Reset/Change Passwords (Thanks, Klaus!!!).

I have also written a similar script to do password installation. For a (not functioning) example see InstallPassword .

TODO: TWikiRenameUser

-- AndreaSterbini - 29 May 2001

I was just checking the MD5 ness of the above - it appears that it can't do it. Here's the code extract we use on our NT installation:

# Changes below by Main.TristanClarke, 13Mar01
# for storing MD5 encrypted passwords. See sub htpasswdGeneratePasswd
use MIME::Base64;  # http://www.cpan.org/modules/by-module/MIME/
use Digest::SHA1;  # http://www.cpan.org/modules/by-module/MD5/

sub htpasswdGeneratePasswd
{
    my ( $user, $passwd ) = @_;

    # Changed by Main.TristanClarke to store MD5 encrypted passwords as outlined at http://twiki.org/cgi-bin/view/Codev/ApachePasswords
    return $user."\:{SHA}".encode_base64( Digest::SHA1::sha1($passwd) ); 

    # the rest of this sub commented out.
    # by David Levy, Internet Channel, 1997
    # found at http://world.inch.com/Scripts/htpasswd.pl.html
    ...
}

If wanted, it needs applying to the passwd script and could be optional configured in using a variable in TWiki.cfg

-- MartinCleaver - 18 Jun 2001

Due to changes in TWiki libraries (wiki->TWiki) I've updated the files "ChangePassword.txt" and "passwd". Now it work with the stable TWikiRelease01Dec2001 and hopefully also with the upcoming BeijingRelease .

-- AndreUlrich - 14 Sep 2002

Hi. If you are going to do some work on these scripts, it would be good if you can fix HtPasswordCodeDuplication

Thanks, Martin.

-- MartinCleaver - 15 Sep 2002

Hi, packing all this stuff, like you mentioned on CodevDocumentationProject, in one library is reasonable. As I looked at the source, I realized that ChangePassword is already integrated in the TWikiRelease01Dec2001. So my work was redundant:( Maybe this Topic should be closed or marked as implemented?

Im not sure if I have the time to do it before Beijing, but I try. Can someone tell me, where the current TWiki source is?

-- AndreUlrich - 19 Sep 2002

Topic attachments
I Attachment History Action Size Date Who Comment
Texttxt ChangePassword.txt r1 manage 1.4 K 2002-09-14 - 08:48 AndreUlrich the topic in Main web for change password
Texttxt ResetPassword.txt   manage 1.2 K 2001-01-22 - 19:56 KlausWriessnegger the topic in Main web for reset password
Compressed Zip archivetgz TWiki20001201.password.tgz   manage 3.7 K 2001-03-12 - 14:49 BruceDawson Checks if authenticated user should change passwd.
Unknown file formattmpl oopschangepasswd.tmpl   manage 0.8 K 2001-01-22 - 19:58 KlausWriessnegger change of password succeeded
Unknown file formattmpl oopsnotwikiuser.tmpl   manage 1.0 K 2001-01-22 - 19:58 KlausWriessnegger a oops form telling the user that he mistyped(?)
Unknown file formattmpl oopsresetpasswd.tmpl   manage 0.9 K 2001-01-22 - 19:59 KlausWriessnegger how to proceed to get password reset
Unknown file formattmpl oopswrongpassword.tmpl   manage 1.0 K 2001-01-22 - 19:59 KlausWriessnegger the user mistyped his old pasword
Unknown file formatEXT passwd r1 manage 6.2 K 2002-09-14 - 08:49 AndreUlrich perl script to change and reset password
Edit | Attach | Watch | Print version | History: r18 < r17 < r16 < r15 < r14 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r18 - 2005-02-15 - SamHasler
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.