Authentication in Greenstone

Greenstone software comes equipped with an authentication system.

User management

Greenstone incorporates an authentication scheme which can be used to control access to certain facilities. It restricts who is allowed to access certain administration pages and allows for private collections and documents.

Authentication is done by requesting a user name and password.

From the administration page users can be listed, new ones added, and old ones deleted. The ability to do this is of course also protected: only users who have administrative privileges can add new users. It is also possible for each user to belong to different “groups”. At present, the only extant groups are “administrator” and “colbuilder”. Members of the first group can add and remove users, and change their groups. Members of the second can access the facilities described above to build new collections and alter (and delete) existing ones.

When Greenstone is installed, there is one user called admin who belongs to both groups. The password for this user is set during the installation process. (If you did not set a password during installation, the admin login defaults to username = admin, password = admin.) This user can create new names and passwords for users who belong just to the colbuilder group, which is the recommended way of giving other users the ability to build collections. User information is recorded in two databases that are placed in the Greenstone file structure (see the Greenstone Digital Library Developer's Guide).

Forgotten Password

(With instructions by Diego Spano.)

User account details are stored in etc/users.gdb.

There are several ways in which to reset your admin account's password. If you have the admin account's authentication details, you can reset the password for other users.

Option 1

In greenstone/bin/script there is a Perl script called "csv-usernames-to-db.pl". This program converts user account details (password, group information, etc.) into the format used by Greenstone, and stores them in etc/users.gdb.

Do the following:

1. Create a text file named myusers.csv and add the following line inside:

Tom,123456,administrator

2. Open a terminal.

3. Move to the Greenstone root folder.

4. Run setup.bat (Windows) or "source ./setup.bash" (Linux), so that the Greenstone environment is set in the current terminal.

5. Run "perl -S csv-usernames-to-db.pl /path_to_file/myusers.csv"

This script creates a user named Tom, with password "123456", who belongs to the administrator group. Log in as Tom and you will be able to edit the admin user and change its password. This way you do not delete the other users you had defined previously.

Option 2

1. If you're admin, then open a terminal. To set the admin password on Linux, you can run:

./gsicontrol.sh configure-admin

and on Windows:

gsicontrol.bat configure-admin

2. If your admin account is working fine, then make sure you've enabled the Administration pages. You can do this by opening etc/main.cfg in a text editor and changing the line that says:

status    disabled

to

status    enabled

3. Go to your Greenstone home page, click on the Administration Page button and, in the page that then loads, click on the List Users link to the left.

4. Log in with the admin account. Then select the user whose password you want to reset by pressing the Edit button and filling in the new details.

Option 3

Delete the file greenstone/etc/users.gdb. Then go to the administration page and log in as user admin. The password now defaults to "admin". Once logged in, you can change your password. This method restores access to the system, but it deletes all the other users you had defined.

Password Protection

Private Collections

This feature is not currently available through the Librarian Interface. Please close the collection if it is open in the Librarian Interface. Edit the GSDLHOME/collect/<collname>/etc/collect.cfg file, and add the following lines:

authenticate collection
auth_groups <groupname> [<groupname> …]

You may have to restart the Greenstone server for the changes to take effect.

The auth_groups line specifies the user group(s) which have access to the documents. To access a protected collection, a person must have a user name and password, and this user name must belong to one of the specified groups. See below for how to add new users and set their groups.

IMPORTANT NOTE: In Greenstone 2.82 and earlier, use auth_group instead of auth_groups (both will still be recognised in later Greenstone versions).

Private Documents

It is possible to password-protect specific documents in your collection. This feature is not currently available through the Librarian Interface. Please close the collection if it is open in the Librarian Interface. Edit the GSDLHOME/collect/<collname>/etc/collect.cfg file, and add the following lines:

authenticate document
auth_groups <groupname> [<groupname> …]

The auth_groups line specifies the user group(s) which have access to the documents. To access a protected collection, a person must have a user name and password, and this user name must belong to one of the specified groups. See below for how to add new users and set their groups.

IMPORTANT NOTE: In Greenstone 2.82 and earlier, use auth_group instead of auth_groups (both will still be recognised in later Greenstone versions).

Then add either of the following two lines:

private_documents <oid> [<oid> …]

public_documents <oid> [<oid> …]

These two lines specify a list of document identifiers (ex.Identifier in the Enrich pane). Using private_documents, all specified documents will be password protected, while any others are freely accessible. Using public_documents, all specified documents will be freely available, with all others password protected.
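Added example, not part of the Greenstone documentation or code base: a small Python audit of the collect.cfg directives described under Private Collections and Private Documents, reporting misconfigurations and deciding whether a given document requires a login. It assumes one whitespace-separated directive per line with the last occurrence winning; the function names and the sample identifiers are constructed for illustration.

```python
KEYS = {"authenticate", "auth_groups", "auth_group",
        "private_documents", "public_documents"}

def parse_policy(cfg_text):
    """Collect the access directives (assumption: last occurrence wins)."""
    policy = {}
    for line in cfg_text.splitlines():
        tokens = line.split()  # comment lines start with '#', so never match
        if tokens and tokens[0] in KEYS:
            policy[tokens[0]] = tokens[1:]
    return policy

def scope_of(policy):
    return (policy.get("authenticate") or [None])[0]

def findings(policy):
    """Return configuration problems worth a reviewer's attention."""
    out, scope = [], scope_of(policy)
    lists = [k for k in ("private_documents", "public_documents") if k in policy]
    if scope not in (None, "collection", "document"):
        out.append(f"unknown authenticate scope: {scope}")
    if scope and not (policy.get("auth_groups") or policy.get("auth_group")):
        out.append("authenticate is set but no group is listed")
    if "auth_group" in policy and "auth_groups" not in policy:
        out.append("legacy auth_group spelling (Greenstone 2.82 and earlier)")
    if scope == "document" and len(lists) != 1:
        out.append("need exactly one of private_documents/public_documents")
    if scope != "document" and lists:
        out.append("document list has no 'authenticate document' line")
    return out

def requires_login(policy, oid):
    """True/False per the rules in the text; None when they do not decide."""
    scope = scope_of(policy)
    if scope in (None, "collection"):
        return scope == "collection"
    if scope == "document" and "private_documents" in policy:
        return oid in policy["private_documents"]
    if scope == "document" and "public_documents" in policy:
        return oid not in policy["public_documents"]
    return None

# Constructed sample for this added example, not from a real collection.
SAMPLE_CFG = """authenticate document
auth_group staff editors
private_documents HASH01a2 HASH03c4
"""

if __name__ == "__main__":
    print(findings(parse_policy(SAMPLE_CFG)))
```

A result of None from requires_login means the configuration is one the text does not define; findings() reports why.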

Creating a new user

You need to use the administration facility. You can access the administration page by clicking the Administration Page button on the home page of your Greenstone installation. If this is not present, enable it by setting status to enabled in the GSDLHOME/etc/main.cfg file.

From the administration page you can list users and add new users by clicking the links down the left hand side of the page. You will need to use the admin account that was set up when you installed Greenstone.

You can change the properties of an existing user by clicking the edit link from the list users page.

If you are adding users to access a protected collection, make sure you add the required group into the groups field.

Usage information

You can enable usage logging by setting the logcgiargs option to true in greenstone/etc/main.cfg. This saves a log in greenstone/etc/usage.txt. The log entry is basically a list of cgi arguments. One entry is generated for each page request to the library.

You can find out what the cgi arguments mean by going to the Administration page of your Greenstone installation, or from this page.

User Comments

If you enable comments for your library, library users with accounts are able to add comments to the document pages of collections.

To allow users to view and add comments to documents:

  1. In the Format Features section of the Format pane of GLI, go to the Choose Feature dropdown and select AllowUserComments.
  2. Press the Add Format button to add this to the list of active Format Features for your collection.
  3. Select the AllowUserComments option that is now in the list and then tick its Enabled button to activate it.
  4. Press the Preview button and visit a document of your collection.

It should now provide a small "Add comment" link at the bottom. Users need to have accounts in your digital library in order to add their own comments, but existing comments once added can be seen by all.
