Question

I seem to have setup .htaccess Registration correctly, in so far as: I have copied the TWikiRegistrationPub.txt file over the TwikiRegistration.txt file, and checked it in. (I did this rather than replace the ...,v file because I wanted to be able to go back if necessary.) The registration form now completes successfully after I removed the entries for my name (from data/Main/HughSasse.txt and data/Main/HughSasse.txt,v).

So far so good. However, whenever I try to Edit, even with a new browser, the page gets edited as TWikiGuest. I do not get the login prompt that I expect. I can therefore find no way to login as myself rather than TWikiGuest.

I didn't edit the Users page itself to remove myself before re-creating myself. This may possibly be the flaw, but then there is an explicit injunction on the page about this: it says to use the Registration form instead editing the page.

I think there is possibly some inconsistency in the data structures that are checked to see what must be done. Before I removed the HughSasse.txt and HughSasse.txt,v files I was not able to login because my account did not exist, and I was not able to register because my account did exist. I also think it is odd that I should have to delete my page to change the way I log in.

If the relationship between these files (Users, the user's page, and htpasswd) and how they are tested during the edit/login process is decumented somewhere, I don't mind having a go at writing a Twiki-lint to check this consistency. There seem to he a significant number of pages relating to this in the support area, so it looks worth the effort.

• TWiki version: obtained as TWiki20030201.tar.gz
• Perl version: 5.6.1
• Web server & version: Apache 1.3.27
• Server OS: Solaris 9
• Web browser & version: Mozilla Firebird 0.5
• Client OS: Win98

-- HughSasse - 12 May 2003

Answer

It is apache's authorization mechanism which asks the browser to produce credentials and not the TWiki scripts. Since you are not getting the login prompt, there is still a configuration problem in .htaccess and/or apache is configured to ignore .htaccess processing for your directory. Thus, security (and subsequent tracking of the users by the TWiki scripts) is not enabled.

Some sort of TWiki-lint to match the entries of .htpasswd file with the user's .txt would be nice to have, regardless.

-- TomKagan - 16 May 2003

Thank you, this has helped me solve the problem.

Basically, I had setup the config file as described in the documentation, but when I had moved the authentication file and .htpasswd file I had not modified httpd.conf. The documentation for Apache is quite firm on not using .htaccess files unless one really has to, so I moved the directives from there to within the appropriate <Directory> directives, making sure there was a "Require valid-user" in each as well, and the requirment to login is now satisfied.

Notice in particular that AllowOverride None means that .htaccess will not be consulted as that needs AuthConfig at least for this to work. But, again, you don't want to enable .htaccess files if you can help it, because directories and subdirectories will then be searched for them.

-- HughSasse - 19 May 2003