Question

Hi folks,

I am using TWiki with Intranet Authentication. So far so good, but I see that while the registration page asks for the Intranet username, it does not ask for the password (which already exists in twiki/data/.htpasswd. So anyone can register (but not necessarily edit pages).

1. How can I ensure that
   • only users who have valid intranet accounts (in .htpasswd) can register in the first place (I do not want to pre-register them all)
   • the existing intranet password gets checked on registration so no rogue registration against an existing intranet account is possible
   • no duplicate registration against the same intranet username is allowed.
2. Is there a way to automatically add successful registrants to a given group?

• TWiki version: 01 Dec 2002
• Perl version: 5.6
• Web server & version: apache 1.3
• Server OS:
• Web browser & version:
• Client OS:

-- MathiasKoerber - 30 Dec 2002

Answer

Why has this been marked "closed, unanswered" when it is only a month old?

I don't have an answer, but I think I know in what direction the answer lies: Investigate using your existing authentication structure entirely and leave twiki out of the loop. Twiki relies on the %REMOTEUSER% environment variable to determine who the user is, have your web server populate that variable and then twiki doesn't have to do any password management.

I have been almost successful with this using Linux-Apache in a Windows NT domain, see TransparentAuthentication. When I next tackle this problem I think using LDAP might work better. For an IIS and IE environment there is a working solution already, see CookbookWindowsIISSetup.

-- MattWilkie - 08 Feb 2003