We are using TWiki for both our internal and external Wiki servers. During our last upgrade we decided to restrict access to the Main web, by only allowing TWikiRegistrationAgent
to make changes to the Main web. This seemed to work great for our external TWiki server. But for our internal TWiki server we make use of SPNEGO to enable the users to make use of the “Integrated Windows Authentication”. Therefore we had to set the passwordManager on None in the TWiki configuration. This always worked fine. During our last upgrade of the Internal TWiki server we also restricted the write access to the Main web in the same way we had done this for our external TWiki server. But from now on users are unable to register properly. Although their user account is created and added to TWikiUsers
topic, they don’t receive an email and they are getting the following error message: Access check on TWikiRegistration failed. Action "CHANGE": access not allowed on web.
The owner of the new TWiki user account stays on BaseUserMapping
_222. I’ve tried to reproduce this problem with a new clean installation of the TWiki software. I found out that as soon as I set passwordManager to None and when write access to the Main web is restricted, we are receiving the same error message. I also found out the following during this test:
1. When PasswordManager
is set to None OR to HtPasswdUser
and write access to Main web is NOT restricted -> The new registered TWiki user account will have two revision. The first revision is created by TWikiRegistrationAgent
and the second by the just registered user.
2. When PasswordManager
and write access to Main web is restricted -> The new registered user account will have only one revisions which is created by TWikiRegistrationAgent
3. When PasswordManager
= None and write access to Main web is restricted -> The new registered user account will have one revision which is created by BaseUserMapping
_222 (which seems to be the TWikiRegistrationAgent
user). Then TWiki seems to try to create the second revision by using the just registered owner. I think this is where the problem is located, because the only account allowed to edit the Main web is TWikiRegistrationAgent
So if I’m understanding this correctly: It seems that although the second implementation of registration must be used (Because Main Web is restricted for writing), but when passwordManager is set to None it tries to register using the first implementation.
Is this a bug in the TWiki software or does someone know how to solve this problem?
Thank you in advance!
- 24 Sep 2009
I forgot to mention there is no error message in either the logging of apache nor in the logging of TWiki
- 24 Sep 2009
I re-prioritized this from urgent to normal. Anyone with interest can pick this up and fix.