Question

Hi,

I've tried to lock down our new twiki so that only I can register users, and non-registered users can't view certain webs. I know that it's against the philosophy, but there is confidential information involved.

The activity is not going well. Users that I register can't use their activation email as they can't view the Twiki web. I'm aware that this is documented but not sure what to do about it, however for now I can workaround by enabling them to view the Twiki web until they have confirmed their account.

One of the issues that I have encountered is that I have managed to lock myself out of configure. It keeps popping up a login box, which I can login to ad infinitum. However, I'm in the admin group, and have no problem getting around other parts of the site that I've stopped the public viewing.

Is this a bug or have I done something silly?

Antony

Environment

-- AntonyGelberg - 06 Feb 2007

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

It looks like you set your TWiki to require a valid user for all scripts.

The configure script has two parts for access control. The script itself can be under view access control. Here is an example bin/.htaccess to control that:

<FilesMatch "configure.*">
       require user AntonyGelberg OtherAdminPerson
</FilesMatch>

The configure script has also a password to save changes. If you forget that, edit lib/LocalSite.cfg and remove the $TWiki::cfg{Password} line.

You can tell configure not to require e-mail verification. This makes sense in your case since you are the only person registering users.

-- PeterThoeny - 06 Feb 2007