data/TWiki/ManagingUsers.txt,v
author Colas Nahaboo <colas@nahaboo.net>
Sat, 26 Jan 2008 15:50:53 +0100
changeset 0 414e01d06fd5
permissions -rw-r--r--
RELEASE 4.2.0 freetown
colas@0
     1
head	1.6;
colas@0
     2
access;
colas@0
     3
symbols;
colas@0
     4
locks; strict;
colas@0
     5
comment	@# @;
colas@0
     6
colas@0
     7
colas@0
     8
1.6
colas@0
     9
date	2008.01.22.03.21.26;	author TWikiContributor;	state Exp;
colas@0
    10
branches;
colas@0
    11
next	1.5;
colas@0
    12
colas@0
    13
1.5
colas@0
    14
date	2007.01.16.04.11.56;	author TWikiContributor;	state Exp;
colas@0
    15
branches;
colas@0
    16
next	1.4;
colas@0
    17
colas@0
    18
1.4
colas@0
    19
date	2006.06.25.16.26.25;	author TWikiContributor;	state Exp;
colas@0
    20
branches;
colas@0
    21
next	1.3;
colas@0
    22
colas@0
    23
1.3
colas@0
    24
date	2006.04.01.05.55.08;	author TWikiContributor;	state Exp;
colas@0
    25
branches;
colas@0
    26
next	1.2;
colas@0
    27
colas@0
    28
1.2
colas@0
    29
date	2006.02.01.12.01.17;	author TWikiContributor;	state Exp;
colas@0
    30
branches;
colas@0
    31
next	1.1;
colas@0
    32
colas@0
    33
1.1
colas@0
    34
date	2004.08.15.08.14.20;	author PeterThoeny;	state Exp;
colas@0
    35
branches;
colas@0
    36
next	;
colas@0
    37
colas@0
    38
colas@0
    39
desc
colas@0
    40
@none
colas@0
    41
@
colas@0
    42
colas@0
    43
colas@0
    44
1.6
colas@0
    45
log
colas@0
    46
@buildrelease
colas@0
    47
@
colas@0
    48
text
colas@0
    49
@%META:TOPICINFO{author="TWikiContributor" date="1158277691" format="1.1" version="6"}%
colas@0
    50
%STARTINCLUDE%
colas@0
    51
---+ Manage Users
colas@0
    52
colas@0
    53
_Register users on your TWiki site; change/reset/install passwords; remove user accounts_
colas@0
    54
colas@0
    55
%TOC%
colas@0
    56
colas@0
    57
%X% Some of the features below may be disabled, depending on your TWiki
colas@0
    58
configuration.
colas@0
    59
colas@0
    60
---++ Authentication and Access Control
colas@0
    61
colas@0
    62
   * TWikiUserAuthentication describes your options for user authentication
colas@0
    63
   * TWikiAccessControl describes how to define groups and how to restrict
colas@0
    64
     access to content
colas@0
    65
colas@0
    66
---++ Register User
colas@0
    67
colas@0
    68
You don't have to have user home pages in TWiki for Authentication to
colas@0
    69
work - see TWikiUserAuthentication for details.
colas@0
    70
colas@0
    71
   * TWikiRegistration is used when you want new users to individually
colas@0
    72
     register with TWiki by filling out a form
colas@0
    73
   * You can create a custom versions of %TWIKIWEB%.NewUserTemplate and
colas@0
    74
     %TWIKIWEB%.UserForm
colas@0
    75
   * BulkRegistration is used by administrators to register multiple users at
colas@0
    76
     the same time
colas@0
    77
colas@0
    78
---++ Change, Reset and Install Passwords
colas@0
    79
colas@0
    80
_Note that the below features are only relevant when you use an internal password manager where TWiki can set and reset passwords._
colas@0
    81
colas@0
    82
   * ChangePassword is for users who _can_ remember their password and want to
colas@0
    83
     change it
colas@0
    84
   * ResetPassword is for users who _cannot_ remember their password; a system
colas@0
    85
     generated password is e-mailed to them
colas@0
    86
   * BulkResetPassword if for administrators who want to reset many passwords
colas@0
    87
     at once
colas@0
    88
   * ChangeEmailAddress changes the hidden email address stored in the password
colas@0
    89
     file
colas@0
    90
colas@0
    91
---++ Changing User Account Names
colas@0
    92
colas@0
    93
To change the user's WikiName:
colas@0
    94
   * Rename the user's TWiki homepage in the %MAINWEB% web, such as
colas@0
    95
     from =JaneSmith= to =JaneMiller=.
colas@0
    96
      * Fix backlinks in the %MAINWEB% web only
colas@0
    97
      * Make sure the group topics are updated (if any.)
colas@0
    98
   * Edit the [[%MAINWEB%.TWikiUsers]] topic and move the user's entry so
colas@0
    99
     that the list is in proper alphabetical order.
colas@0
   100
   * Recreate the old topic with a pointer to the new topic, so that links
colas@0
   101
     in other webs work properly. Example content:%BR%
colas@0
   102
     =%<nop>M% Jane Smith is now known as !JaneMiller=
colas@0
   103
colas@0
   104
If external authentication is used and you want to change the login name:
colas@0
   105
   * The login name needs to be changed in the authentication server (e.g.
colas@0
   106
     Active Directory)
colas@0
   107
   * In TWiki's [[%MAINWEB%.TWikiUsers]] topic, fix the mapping from
colas@0
   108
     login name to WikiName:%BR%
colas@0
   109
     =&nbsp;  * !JaneSmith - jsmith - 13 Sep 2006= %BR%
colas@0
   110
     to: %BR%
colas@0
   111
     =&nbsp;  * !JaneMiller - jmiller - 13 Sep 2006=
colas@0
   112
colas@0
   113
---++ Removing User Accounts
colas@0
   114
colas@0
   115
To remove a user account (<nop>FredQuimby, who logs in as "fred"):
colas@0
   116
colas@0
   117
   1 If you are using a =.htpasswd= file, edit the =.htpasswd= file to
colas@0
   118
     delete the line starting =fred:=
colas@0
   119
      * *Warning:* Do *not* use the Apache =htpasswd= program with
colas@0
   120
        =.htpasswd= files generated by TWiki! =htpasswd= wipes out email
colas@0
   121
        addresses that TWiki plants in the info fields of this file.
colas@0
   122
   2 Remove the =FredQuimby - fred= line from the <nop>%MAINWEB%.TWikiUsers
colas@0
   123
     topic
colas@0
   124
   3 Remove =FredQuimby= from all groups and from all the
colas@0
   125
      =ALLOWWEB/ALLOWTOPIC...= declarations, if any.%BR% __Note:__ If you
colas@0
   126
      fail to do this you risk creating a security hole, as the next user to
colas@0
   127
      register with the wikiname Fred<nop>Quimby will inherit the old
colas@0
   128
      Fred<nop>Quimby's permissions.
colas@0
   129
   4 _[optional]_ Delete their user topic %MAINWEB%.<nop>FredQuimby
colas@0
   130
     (including attachments, if any.)
colas@0
   131
colas@0
   132
__Note:__ Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic. If you want to make it clear the user is no longer around, replace the topic content with a note to that effect. The existance of the <nop>UserName topic should also prevent that user name from being re-used, sealing the potential security hole regarding inherited permissions..
colas@0
   133
colas@0
   134
__Related Topics:__ AdminDocumentationCategory
colas@0
   135
@
colas@0
   136
colas@0
   137
colas@0
   138
1.5
colas@0
   139
log
colas@0
   140
@buildrelease
colas@0
   141
@
colas@0
   142
text
colas@0
   143
@d1 1
colas@0
   144
a1 2
colas@0
   145
%META:TOPICINFO{author="TWikiContributor" date="1158277691" format="1.1" version="5"}%
colas@0
   146
%TOC%
colas@0
   147
d3 1
colas@0
   148
a3 1
colas@0
   149
---# Manage Users
colas@0
   150
d7 5
colas@0
   151
d14 3
colas@0
   152
a16 2
colas@0
   153
   * TWikiUserAuthentication describes options of user authentication
colas@0
   154
   * TWikiAccessControl describes how to define groups and how to restrict access to content
colas@0
   155
d20 2
colas@0
   156
a21 1
colas@0
   157
It is not necessary to have user home pages in the TWiki system for Authentication to work - see TWikiUserAuthentication for details.
colas@0
   158
d23 6
colas@0
   159
a28 3
colas@0
   160
   * TWikiRegistration is for users to fill out a form
colas@0
   161
   * %TWIKIWEB%.NewUserTemplate can be changed to customize user home pages, it can optionally use the %MAINWEB%.UserForm to define user fields as meta data
colas@0
   162
   * BulkRegistration is for administrators to use to set up one or more accounts: either from a table or from an external file
colas@0
   163
d32 10
colas@0
   164
a41 3
colas@0
   165
   * ChangePassword is for users who can remember their password and want to change it
colas@0
   166
   * ResetPassword is for users who cannot remember their password; a system generated password is e-mailed to them
colas@0
   167
   * BulkResetPassword if for administrators who want to reset many passwords at once
colas@0
   168
d46 2
colas@0
   169
a47 1
colas@0
   170
   * Rename the user's TWiki homepage in the %MAINWEB% web, such as from =JaneSmith= to =JaneMiller=.
colas@0
   171
d50 4
colas@0
   172
a53 2
colas@0
   173
   * Edit the [[%MAINWEB%.TWikiUsers]] topic and move the user's entry so that the list is in proper alphabetical order.
colas@0
   174
   * Recreate the old topic with a pointer to the new topic, so that links in other webs work properly. Example content:%BR%
colas@0
   175
d57 5
colas@0
   176
a61 3
colas@0
   177
   * The login name needs to be changed in the directory server, such as AD or LDAP
colas@0
   178
   * In TWiki's [[%MAINWEB%.TWikiUsers]] topic, fix the mapping from login name to WikiName such as from:%BR%
colas@0
   179
     =&nbsp;  * !JohnSmith - john - 13 Sep 2006= %BR%
colas@0
   180
d63 1
colas@0
   181
a63 1
colas@0
   182
     =&nbsp;  * !JohnSmith - jsmith - 13 Sep 2006=
colas@0
   183
d69 14
colas@0
   184
a82 5
colas@0
   185
   1 If you are using a =.htpasswd= file, edit the =.htpasswd= file to delete the line starting =fred:=
colas@0
   186
      * *Warning:* Do *not* use the Apache =htpasswd= program with =.htpasswd= files generated by TWiki! =htpasswd= wipes out email addresses that TWiki plants in the info fields of this file.
colas@0
   187
   2 Remove the =FredQuimby - fred= line from the <nop>%MAINWEB%.TWikiUsers topic
colas@0
   188
   3 Remove =FredQuimby= from all groups and from all the =ALLOWWEB/ALLOWTOPIC...= declarations, if any.%BR% __Note:__ If you fail to do this you risk creating a security hole, as the next user to register with the wikiname Fred<nop>Quimby will inherit the old Fred<nop>Quimby's permissions.
colas@0
   189
   4 _[optional]_ Delete their user topic %MAINWEB%.<nop>FredQuimby (including attachments, if any.)
colas@0
   190
d84 1
colas@0
   191
a84 1
colas@0
   192
__Note:__ Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic. If you want to make it clear the user is no longer with the organization or has been banished, replace the topic content with a note to that effect. The existance of the <nop>UserName topic should also prevent that user name from being re-used, sealing the potential security hole regarding inherited permissions..
colas@0
   193
@
colas@0
   194
colas@0
   195
colas@0
   196
1.4
colas@0
   197
log
colas@0
   198
@buildrelease
colas@0
   199
@
colas@0
   200
text
colas@0
   201
@d1 1
colas@0
   202
a1 1
colas@0
   203
%META:TOPICINFO{author="TWikiContributor" date="1111929255" format="1.0" version="4"}%
colas@0
   204
d27 17
colas@0
   205
d52 1
colas@0
   206
a52 1
colas@0
   207
   4 _[optional]_ Delete their user topic %MAINWEB%.<nop>FredQuimby.
colas@0
   208
@
colas@0
   209
colas@0
   210
colas@0
   211
1.3
colas@0
   212
log
colas@0
   213
@buildrelease
colas@0
   214
@
colas@0
   215
text
colas@0
   216
@d1 1
colas@0
   217
a1 1
colas@0
   218
%META:TOPICINFO{author="TWikiContributor" date="1111929255" format="1.0" version="3"}%
colas@0
   219
d32 1
colas@0
   220
@
colas@0
   221
colas@0
   222
colas@0
   223
1.2
colas@0
   224
log
colas@0
   225
@buildrelease
colas@0
   226
@
colas@0
   227
text
colas@0
   228
@d1 1
colas@0
   229
a1 1
colas@0
   230
%META:TOPICINFO{author="TWikiContributor" date="1111929255" format="1.0" version="2"}%
colas@0
   231
d10 2
colas@0
   232
a11 2
colas@0
   233
	* TWikiUserAuthentication describes options of user authentication
colas@0
   234
	* TWikiAccessControl describes how to define groups and how to restrict access to content
colas@0
   235
d17 3
colas@0
   236
a19 3
colas@0
   237
	* TWikiRegistration is for users to fill out a form
colas@0
   238
	* %TWIKIWEB%.NewUserTemplate can be changed to customize user home pages, it can optionally use the %MAINWEB%.UserForm to define user fields as meta data
colas@0
   239
	* BulkRegistration is for administrators to use to set up one or more accounts: either from a table or from an external file
colas@0
   240
d23 3
colas@0
   241
a25 3
colas@0
   242
	* ChangePassword is for users who can remember their password and want to change it
colas@0
   243
	* ResetPassword is for users who cannot remember their password; a system generated password is e-mailed to them
colas@0
   244
	* BulkResetPassword if for administrators who want to reset many passwords at once
colas@0
   245
d31 4
colas@0
   246
a34 4
colas@0
   247
	1 If you are using a =.htpasswd= file, edit the =.htpasswd= file to delete the line starting =fred:=
colas@0
   248
	2 Remove the =FredQuimby - fred= line from the <nop>%MAINWEB%.TWikiUsers topic
colas@0
   249
	3 Remove =FredQuimby= from all groups and from all the =ALLOWWEB/ALLOWTOPIC...= declarations, if any.%BR% __Note:__ If you fail to do this you risk creating a security hole, as the next user to register with the wikiname Fred<nop>Quimby will inherit the old Fred<nop>Quimby's permissions.
colas@0
   250
	4 _[optional]_ Delete their user topic %MAINWEB%.<nop>FredQuimby.
colas@0
   251
@
colas@0
   252
colas@0
   253
colas@0
   254
1.1
colas@0
   255
log
colas@0
   256
@none
colas@0
   257
@
colas@0
   258
text
colas@0
   259
@d1 1
colas@0
   260
a1 1
colas@0
   261
%META:TOPICINFO{author="PeterThoeny" date="1092557660" format="1.0" version="1.1"}%
colas@0
   262
d5 1
colas@0
   263
d15 2
colas@0
   264
d18 2
colas@0
   265
a19 1
colas@0
   266
	* NewUserTemplate can be changed to customize user home pages
colas@0
   267
d23 3
colas@0
   268
a25 3
colas@0
   269
	* ChangePassword is for users who remember their password
colas@0
   270
	* ResetPassword is for users who do _not_ remember their password; they are asked to send a request to the site administrator to install a new password
colas@0
   271
	* InstallPassword is for the site administrator to install a password
colas@0
   272
d29 1
colas@0
   273
a29 6
colas@0
   274
To remove a user account:
colas@0
   275
colas@0
   276
	1 Edit the =data/.htpasswd= file to delete their entry (only applies if you are using a .htpasswd file)
colas@0
   277
	2 Remove the =FredQuimby= line from the <nop>%MAINWEB%.TWikiUsers topic
colas@0
   278
	3 Remove user from all groups and from all the =ALLOWWEB/ALLOWTOPIC...= declarations, if any.%BR% __Note:__ Otherwise this is a security hole as the first one to re-register with this name will be granted the permissions of the previous user.
colas@0
   279
	4 _[optional]_ Remove their topic files: =data/%MAINWEB%/FredQuimby.txt= and =data/%MAINWEB%/FredQuimby.txt,v=
colas@0
   280
d31 4
colas@0
   281
a34 1
colas@0
   282
__Note:__ Consider leaving the user topic file in place so their past signatures and revision author entries don't end up looking like AnUncreatedTopic. If you want to make it clear the user is inactive on your site (e.g. %MAINWEB%.PeterThoeny) or has been banished add a note to that effect and write protect the page (TWikiAccessControl). The existance of the <nop>UserName topic prevent that user name from being re-used.
colas@0
   283
d36 1
colas@0
   284
a36 2
colas@0
   285
-- TWiki:Main.MattWilkie - 21 Jul 2003 %BR%
colas@0
   286
-- TWiki:Main.PeterThoeny - 15 Aug 2004
colas@0
   287
d38 1
colas@0
   288
@