Question
I have installed Basic Authentication (on edit) as described on the
TWikiUserAuthentication page. When the user wants to edit a page, the logon dialog is shown and the user is forced to login - fine. But
after entering the edit page, the user is still known as TWikiGuest and the edited page is "stamped" as edited by TWikiGuest.
As I am writing this on
this support TWIKI, I can see that the edit page has recognized my login as "Your signature for easy copy and paste: --
JanRiis - 30 Nov 2005". On our site this signature contains TWikiGuest.
One consequence of this is that all changes to our site is saved as TWikiGuest (according to
RCS) and I cannot track who made which changes.
I a aware of the view vs. edit/preview issue, and this problem is not it. Using viewauth.pl does
not change the variables (TWIKIUSER, REMOTE_USER etc).
You are welcome to
try it out on our site (with viewauth.pl)
. Log in with TestUser/testuser.
On the bottom of the main page I have added WIKIUSER, REMOTE_USER etc.
On the
changes page
you can see that all pagechanges are stored as if TwikiGuest made them (except when a new user is registering - why?).
All files are owned by the
sosidk user, and the site is hosted by a web hotel, so I have no access to the server (other than ftp).
Environment
See result from testenv
here
CGI::Session has been installed since I filed this question.
--
JanRiis - 30 Nov 2005
Answer
If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.
You probably haven't enabled doRememberRemoteUser in TWiki.cfg. The release you are using uses the client IP address to remember who logged in.
--
CrawfordCurrie - 30 Nov 2005
Response
I have tried both with and without this variable set. When I set it to "1" nothing happens to the remoteusers.txt file (after closing the browser and reauthenticating on the site). See the current
TWiki.cfg here
--
JanRiis - 30 Nov 2005
Well, it's a wild guess, but there are hints. I guess that the reason is in your Apache configuration.
Please check whether you have the following directives acting on your twiki directory:
Action php-script /cgi/php
AddHandler php-script ...
The hints:
- From your
testenv.pl results I can see that your server is PHP enabled.
- The env variable
REDIRECT_STATUS is set, so I guess you have force-cgi-redirect compiled into your PHP.
- The env variable
REMOTE_USER is not set (as can be seen from %REMOTE_USER%)
What I guess:
- PHP is interfering with your Apache login. An internal redirect caused by
force-cgi-redirect lets your request end in a directory where no authentication is in effect, therefore Apache does not pass REMOTE_USER as an environment variable.
What you should do:
- Make sure that there's no PHP handler defined four your TWiki directory and location.
--
HaraldJoerg - 30 Nov 2005
Just corresponded with our web hotel, and they say that this is not the case. However, your answer gave them another hint. Maybe it is cgi-wrap that is interferring somehow. This has been discussed
here.
--
JanRiis - 02 Dec 2005