Question
Hi,
I've tried to lock down our new twiki so that only I can register users, and non-registered users can't view certain webs. I know that it's against the philosophy, but there is confidential information involved.
The activity is not going well. Users that I register can't use their activation email as they can't view the Twiki web. I'm aware that this is documented but not sure what to do about it, however for now I can workaround by enabling them to view the Twiki web until they have confirmed their account.
One of the issues that I have encountered is that I have managed to lock myself out of configure. It keeps popping up a login box, which I can login to ad infinitum. However, I'm in the admin group, and have no problem getting around other parts of the site that I've stopped the public viewing.
Is this a bug or have I done something silly?
Antony
Environment
--
AntonyGelberg - 06 Feb 2007
Answer
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
It looks like you set your TWiki to require a valid user for all scripts.
The configure script has two parts for access control. The script itself can be under view access control. Here is an example
bin/.htaccess to control that:
<FilesMatch "configure.*">
require user AntonyGelberg OtherAdminPerson
</FilesMatch>
The configure script has also a password to
save changes. If you forget that, edit
lib/LocalSite.cfg and remove the
$TWiki::cfg{Password} line.
You can tell configure not to require e-mail verification. This makes sense in your case since you are the only person registering users.
--
PeterThoeny - 06 Feb 2007