Item6328: Unable to create new users when passwordManager is set to None and write access to Main web is restricted.

We are using TWiki for both our internal and external Wiki servers. During our last upgrade we decided to restrict access to the Main web, by only allowing TWikiRegistrationAgent to make changes to the Main web. This seemed to work great for our external TWiki server. But for our internal TWiki server we make use of SPNEGO to enable the users to make use of the “Integrated Windows Authentication”. Therefore we had to set the passwordManager on None in the TWiki configuration. This always worked fine. During our last upgrade of the Internal TWiki server we also restricted the write access to the Main web in the same way we had done this for our external TWiki server. But from now on users are unable to register properly. Although their user account is created and added to TWikiUsers topic, they don’t receive an email and they are getting the following error message:
Access check on TWikiRegistration failed. Action "CHANGE": access not allowed on web.

The owner of the new TWiki user account stays on BaseUserMapping _222. I’ve tried to reproduce this problem with a new clean installation of the TWiki software. I found out that as soon as I set passwordManager to None and when write access to the Main web is restricted, we are receiving the same error message. I also found out the following during this test:

1. When PasswordManager is set to None OR to HtPasswdUser and write access to Main web is NOT restricted -> The new registered TWiki user account will have two revision. The first revision is created by TWikiRegistrationAgent and the second by the just registered user.

2. When PasswordManager = HtPasswdUser and write access to Main web is restricted -> The new registered user account will have only one revisions which is created by TWikiRegistrationAgent.

3. When PasswordManager = None and write access to Main web is restricted -> The new registered user account will have one revision which is created by BaseUserMapping_222 (which seems to be the TWikiRegistrationAgent user). Then TWiki seems to try to create the second revision by using the just registered owner. I think this is where the problem is located, because the only account allowed to edit the Main web is TWikiRegistrationAgent.

So if I’m understanding this correctly: It seems that although the second implementation of registration must be used (Because Main Web is restricted for writing), but when passwordManager is set to None it tries to register using the first implementation.

Is this a bug in the TWiki software or does someone know how to solve this problem?

Thank you in advance!

-- TWiki:Main/NathanSanders - 24 Sep 2009

I forgot to mention there is no error message in either the logging of apache nor in the logging of TWiki

-- TWiki:Main.NathanSanders - 24 Sep 2009

I re-prioritized this from urgent to normal. Anyone with interest can pick this up and fix.

-- TWiki:Main.PeterThoeny - 2013-11-08