Question

Hello Support, I have Basic Authentication working using the Apache web server (made a change in the httpd.conf file to point to the Apache password file).

I have the desired result when trying to access the TWiki site, but I have a problem. The problem is that the password file is not being managed by TWiki but by Apache! i.e. When I try to change the password I get the message "Password could not be changed - Your system may not support changing passwords through TWiki. Check with your TWiki administrator. " this is expected.

My question is what changes do I need to make so that users can change their own password using TWiki? I have tried changing the security settings on the config file to no avail!

Please help.

Environment

-- TWikiGuest - 09 Oct 2007

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

The problem is likely in the access permission of Apache's password file: It needs to be writable by the web server's user id, which it usually is not.

-- HaraldJoerg - 09 Oct 2007

Thanks for the quick responce Harald,

I changed the file permission on the password file, but I am still receiving the same error message. It seems as though my TWiki's security settings haven't been configured correctly! But I am not sure of which setting has to be changed.

-- TWikiGuest - 09 Oct 2007

Restart apache!

-- ZakaiKinan - 09 Oct 2007

I tried that too..!!

-- TWikiGuest - 11 Oct 2007

What are your settings of {LoginManager} and {PasswordManager} (should be 'TWiki::Users::HtPasswdUser') in configure?

What is your setting of {Htpasswd}{FileName}? Should be something '/your/path/to/twiki/data/.htpasswd' and must match the name in httpd.conf.

Is there something in either TWiki's warn file (data/warn200710.txt) or Apache's error file?

-- HaraldJoerg - 11 Oct 2007

Hi Harald,

Sorry for the late response, been tied up with another project, the answers to your question...

{loginmanager} = 'TWiki::Client::ApacheLogin' {passwordmanager} = 'TWiki::Users::HtPasswdUser'

Im not using the htpasswd filename as I am using apache authentication, and am using the apache\bin\htpasswd to add users to a file called passwd.txt in the same apache directory, and having users use that username and password - im new to apache authentication, and the way I have it works as I would like it except for the change password problem!

-- TWikiGuest - 31 Oct 2007

If you want to let your users change their passwords via TWiki, you need to configure the path of your passwd.txt to {Htpasswd}{FileName} (use forward slashes /, not windows-style \), and to allow your web server user id write access to that file with the usual Windows method.

-- HaraldJoerg - 31 Oct 2007

Thanks Harold, I have one question, please forgive my ignorance but I am a novice, but how would I give/ allow my web server user id write access to the passwd.txt file using the Windows method?

Many Thanks

-- TWikiGuest - 06 Nov 2007

My memories regarding Windows are fading, and Windows changes its interfaces with every version, so I don't know whether the following is helpful:

• You need to locate the Apache service in your Windows system control interface (called "services"). Click on its properties, it should reveal under which user id the server is running. It used to be the "local system account" in the old days.
• In Windows explorer, right click on the password file and select "Properties". There should be a tab for "Security" which shows which users have access to the file. If the user id running your Apache has no write access, add it.

-- HaraldJoerg - 06 Nov 2007

Thanks Harald,

I'll have a look/ investigate and will report my findings

-- TWikiGuest - 30 Nov 2007

Closing this support question after more than 30 days of inactivity. Please feel free to re-open if needed.

-- PeterThoeny - 01 Jan 2008