This TWikiSite is largely a default install of the TWiki web-based collaboration system. If you wish to start your own Wiki, download it from http://twiki.org/download.html, follow the detailed installation instructions, and you're 95% finished.
Subwiki is a mostly-public TWiki site. However, there are certain parts that I want to restrict access to, and certain pages that I only want to be editable by trusted administrators. TWiki doesn't currently have an easy way to allow changes by anonymous visitors and logged-on users, but that can be changed fairly easily.
The basic idea is to shift as much responsibility for authorization from Apache to TWiki as possible. I've accomplished this by creating an "auth" script which causes TWiki to begin tracking the visitor's session, and configuring Apache to authenticate access to that script (and only that script). Once the visitor is logged in, TWiki's own authorization mechanisms regulate what that person can and cannot do.
I've installed and tested two session-tracking systems: one came with TWiki, and the other, more featureful method had to be installed separately. Read both sections below and pick one:
I had been using TWiki's "doRememberRemoteUser" option to track users once they log in. This isn't a perfect system; web proxies and dynamic IPs can cause unexpected results. However, it's easy to set up, and requires no additional software.
If you wish to use the "doRememberRemoteUser" method, these instructions should get you a minimal login system:
- Edit lib/TWiki.cfg. Change "$doRememberRemoteUser" from "0" to "1".
- Copy bin/view to bin/auth and apply these changes:
--- view Thu Aug 22 14:06:23 2002
+++ auth Thu Aug 22 14:01:10 2002
- $tmpl = &TWiki::Store::readTemplate( "view", $skin );
+ $tmpl = &TWiki::Store::readTemplate( "auth", $skin );
- . "Template file view.tmpl not found or template directory \n"
+ . "Template file auth.tmpl not found or template directory \n"
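Review bot: the readTemplate( "auth", $skin ) line makes bin/auth depend on a template file auth.tmpl, as the changed error string itself says, but neither this patch nor the steps around it provide that file. Either add a step that supplies auth.tmpl (for example as a copy of view.tmpl) or leave the call reading "view". The diff also carries no @@ hunk headers or context lines, so it can only be applied by hand; posting the full diff -u output would let readers apply it with patch.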
- Edit bin/.htaccess. Comment out the "require valid-user" stanzas, and add:
<Files "auth">
require valid-user
</Files>
- Finally, add a link to the new 'auth' action to each topic's WEBTOPICLIST (or wherever else you want it):
<a href="%SCRIPTURL%/auth/%WEB%/%TOPIC%">Log in</a>
If you'd prefer to use cookie-based session management, get the SessionPlugin from TWiki:Plugins/SessionPlugin and install it. Note the additional instructions under BUG WARNING. Next, get the patch from TWiki:Plugins/SessionPluginDev, which makes SessionPlugin work correctly with newer versions of TWiki, and install it. Note that TWiki is being rewritten to include this functionality in the main program, but the new system isn't available yet.
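The difference between the two tracking methods, as an added example that is not part of the original page or TWiki's code: a simplified Python model in which the IP-keyed tracker stands in for "doRememberRemoteUser" and the token-keyed tracker for a cookie session. The class names, user names, addresses and request sequence are constructed for illustration.

```python
# Simplified model (an assumption, not TWiki source): IP-keyed "remember remote
# user" tracking versus a cookie-keyed session, fed the same constructed requests.
import secrets

GUEST = "guest"  # stand-in for TWiki's anonymous user


class IpRemember:
    """Models doRememberRemoteUser: the login is remembered per client IP."""
    def __init__(self):
        self.by_ip = {}

    def handle(self, req):
        if req.get("remote_user"):            # request went through bin/auth
            self.by_ip[req["ip"]] = req["remote_user"]
        return self.by_ip.get(req["ip"], GUEST)


class CookieSession:
    """Models cookie tracking: the login is bound to a random session token."""
    def __init__(self):
        self.by_token = {}

    def handle(self, req):
        if req.get("remote_user"):            # request went through bin/logon
            token = secrets.token_hex(16)
            self.by_token[token] = req["remote_user"]
            req["jar"]["sid"] = token         # cookie goes to this browser only
        return self.by_token.get(req["jar"].get("sid"), GUEST)


def replay(tracker):
    """Replay a constructed request sequence; return who each request runs as."""
    alice_jar, bob_jar = {}, {}                    # one cookie jar per browser
    proxy, new_ip = "192.0.2.10", "198.51.100.7"   # documentation-range addresses
    requests = [
        # Alice logs in through the Apache-protected script from behind a proxy.
        {"who": "alice login", "ip": proxy, "jar": alice_jar, "remote_user": "AliceAdmin"},
        # Bob never logs in, but shares the proxy and therefore the source IP.
        {"who": "bob view", "ip": proxy, "jar": bob_jar},
        # Alice's dynamic IP changes in the middle of her visit.
        {"who": "alice edit", "ip": new_ip, "jar": alice_jar},
    ]
    return {r["who"]: tracker.handle(r) for r in requests}


if __name__ == "__main__":
    for tracker in (IpRemember(), CookieSession()):
        print(type(tracker).__name__, replay(tracker))
```

Under IP tracking the anonymous visitor behind the shared proxy is treated as the logged-in user and the user whose address changes drops back to guest; the token-keyed tracker handles both cases as intended.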
Making this method work is very similar to the above set of instructions:
- Edit bin/.htaccess. Comment out the "require valid-user" stanzas, and add:
<Files "logon">
require valid-user
</Files>
- Finally, add a link to the new 'logon' action to each topic's WEBTOPICLIST (or wherever else you want it):
<a href="%SCRIPTURL%/logon/%WEB%/%TOPIC%">Log in</a>
Voila! You should now have a logon button on your site!
Now, site visitors can view (and edit) anything you've given them access to via the rules in TWikiAccessControl. However, should a visitor wish to edit a restricted page, they merely have to click the "log in" link, enter their username and password, and go on about their business.
-- KirkStrauser - 11 Sep 2002