Difference: ManagingUsers (1 vs. 2)

Revision 227 Mar 2005 - Main.TWikiContributor

  Manage Users
  Register User
->
>
+It is not necessary to have user home pages in the TWiki system for Authentication to work - see TWikiUserAuthentication for details.
  TWikiRegistration is for users to fill out a form
-<
<
+ NewUserTemplate can be changed to customize user home pages
->
>
+ NewUserTemplate can be changed to customize user home pages, it can optionally use the UserForm to define user fields as meta data
  BulkRegistration is for administrators to use to set up one or more accounts: either from a table or from an external file
  Change, Reset and Install Passwords
-<
<
+ ChangePassword is for users who remember their password
  ResetPassword is for users who do not remember their password; they are asked to send a request to the site administrator to install a new password
  InstallPassword?  is for the site administrator to install a password
->
>
+ ChangePassword is for users who can remember their password and want to change it
  ResetPassword is for users who cannot remember their password; a system generated password is e-mailed to them
  BulkResetPassword if for administrators who want to reset many passwords at once
  Removing User Accounts
-<
<
+To remove a user account:
 

 Edit the data/.htpasswd file to delete their entry (only applies if you are using a .htpasswd file)
  Remove the FredQuimby line from the Main.TWikiUsers topic
  Remove user from all groups and from all the ALLOWWEB/ALLOWTOPIC... declarations, if any.
 Note: Otherwise this is a security hole as the first one to re-register with this name will be granted the permissions of the previous user.
  [optional] Remove their topic files: data/Main/FredQuimby.txt and data/Main/FredQuimby.txt,v
->
>
+To remove a user account (FredQuimby, who logs in as "fred"):
-<
<
+Note: Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic? . If you want to make it clear the user is inactive on your site (e.g. PeterThoeny) or has been banished add a note to that effect and write protect the page (TWikiAccessControl). The existance of the UserName topic prevent that user name from being re-used.
->
>
+ If you are using a .htpasswd file, edit the .htpasswd file to delete the line starting fred:
  Remove the FredQuimby - fred line from the Main.TWikiUsers topic
  Remove FredQuimby from all groups and from all the ALLOWWEB/ALLOWTOPIC... declarations, if any.
 Note: If you fail to do this you risk creating a security hole, as the next user to register with the wikiname FredQuimby will inherit the old FredQuimby's permissions.
  [optional] Delete their user topic Main.FredQuimby.
-<
<
+-- TWiki:Main.MattWilkie - 21 Jul 2003 

-- TWiki:Main.PeterThoeny - 15 Aug 2004
->
>
+Note: Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic? . If you want to make it clear the user is no longer with the organization or has been banished, replace the topic content with a note to that effect. The existance of the UserName topic should also prevent that user name from being re-used, sealing the potential security hole regarding inherited permissions..
->
>
+Related Topics: AdminDocumentationCategory

Revision 115 Aug 2004 - PeterThoeny

Line: 1 to 1

Line: 1 to 1
Added:
> >	On this page: Authentication and Access Control Register User Change, Reset and Install Passwords Removing User Accounts Manage Users Register users on your TWiki site; change/reset/install passwords; remove user accounts Authentication and Access Control TWikiUserAuthentication describes options of user authentication TWikiAccessControl describes how to define groups and how to restrict access to content Register User TWikiRegistration is for users to fill out a form NewUserTemplate can be changed to customize user home pages Change, Reset and Install Passwords ChangePassword is for users who remember their password ResetPassword is for users who do not remember their password; they are asked to send a request to the site administrator to install a new password InstallPassword? is for the site administrator to install a password Removing User Accounts To remove a user account: Edit the `data/.htpasswd` file to delete their entry (only applies if you are using a .htpasswd file) Remove the `FredQuimby` line from the Main.TWikiUsers topic Remove user from all groups and from all the `ALLOWWEB/ALLOWTOPIC...` declarations, if any. *Note:* Otherwise this is a security hole as the first one to re-register with this name will be granted the permissions of the previous user. [optional] Remove their topic files: `data/Main/FredQuimby.txt` and `data/Main/FredQuimby.txt,v` *Note:* Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic? . If you want to make it clear the user is inactive on your site (e.g. PeterThoeny) or has been banished add a note to that effect and write protect the page (TWikiAccessControl). The existance of the UserName topic prevent that user name from being re-used. -- TWiki:Main.MattWilkie - 21 Jul 2003 -- TWiki:Main.PeterThoeny - 15 Aug 2004

Added:

>
>

On this page:

Manage Users

Register users on your TWiki site; change/reset/install passwords; remove user accounts

Authentication and Access Control

TWikiUserAuthentication describes options of user authentication
TWikiAccessControl describes how to define groups and how to restrict access to content

Register User

TWikiRegistration is for users to fill out a form
NewUserTemplate can be changed to customize user home pages

Change, Reset and Install Passwords

ChangePassword is for users who remember their password
ResetPassword is for users who do not remember their password; they are asked to send a request to the site administrator to install a new password
InstallPassword? is for the site administrator to install a password

Removing User Accounts

To remove a user account:

Edit the data/.htpasswd file to delete their entry (only applies if you are using a .htpasswd file)
Remove the FredQuimby line from the Main.TWikiUsers topic
Remove user from all groups and from all the ALLOWWEB/ALLOWTOPIC... declarations, if any.
Note: Otherwise this is a security hole as the first one to re-register with this name will be granted the permissions of the previous user.
[optional] Remove their topic files: data/Main/FredQuimby.txt and data/Main/FredQuimby.txt,v

Note: Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic? . If you want to make it clear the user is inactive on your site (e.g. PeterThoeny) or has been banished add a note to that effect and write protect the page (TWikiAccessControl). The existance of the UserName topic prevent that user name from being re-used.

-- TWiki:Main.MattWilkie - 21 Jul 2003
-- TWiki:Main.PeterThoeny - 15 Aug 2004

View topic | History: r6 < r5 < r4 < r3 | More topic actions...

Copyright � by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.ManagingUsers