Question

I have installed Basic Authentication (on edit) as described on the TWikiUserAuthentication page. When the user wants to edit a page, the logon dialog is shown and the user is forced to login - fine. But after entering the edit page, the user is still known as TWikiGuest and the edited page is "stamped" as edited by TWikiGuest.

As I am writing this on this support TWIKI, I can see that the edit page has recognized my login as "Your signature for easy copy and paste: -- JanRiis - 30 Nov 2005". On our site this signature contains TWikiGuest.

One consequence of this is that all changes to our site is saved as TWikiGuest (according to RCS) and I cannot track who made which changes.

I a aware of the view vs. edit/preview issue, and this problem is not it. Using viewauth.pl does not change the variables (TWIKIUSER, REMOTE_USER etc).

You are welcome to try it out on our site (with viewauth.pl). Log in with TestUser/testuser.

On the bottom of the main page I have added WIKIUSER, REMOTE_USER etc.

On the changes page you can see that all pagechanges are stored as if TwikiGuest made them (except when a new user is registering - why?).

All files are owned by the sosidk user, and the site is hosted by a web hotel, so I have no access to the server (other than ftp).

Environment

here

CGI::Session has been installed since I filed this question.

-- JanRiis - 30 Nov 2005

Answer

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.

You probably haven't enabled doRememberRemoteUser in TWiki.cfg. The release you are using uses the client IP address to remember who logged in.

-- CrawfordCurrie - 30 Nov 2005

Response

I have tried both with and without this variable set. When I set it to "1" nothing happens to the remoteusers.txt file (after closing the browser and reauthenticating on the site). See the current TWiki.cfg here

-- JanRiis - 30 Nov 2005

Well, it's a wild guess, but there are hints. I guess that the reason is in your Apache configuration.

Please check whether you have the following directives acting on your twiki directory:

Action       php-script /cgi/php
AddHandler   php-script ...

The hints:

• From your testenv.pl results I can see that your server is PHP enabled.
• The env variable REDIRECT_STATUS is set, so I guess you have force-cgi-redirect compiled into your PHP.
• The env variable REMOTE_USER is not set (as can be seen from %REMOTE_USER%)

What I guess:

• PHP is interfering with your Apache login. An internal redirect caused by force-cgi-redirect lets your request end in a directory where no authentication is in effect, therefore Apache does not pass REMOTE_USER as an environment variable.

What you should do:

• Make sure that there's no PHP handler defined four your TWiki directory and location.

-- HaraldJoerg - 30 Nov 2005

Just corresponded with our web hotel, and they say that this is not the case. However, your answer gave them another hint. Maybe it is cgi-wrap that is interferring somehow. This has been discussed here.

-- JanRiis - 02 Dec 2005