en:user:authentication

Differences

This shows you the differences between two versions of the page.

en:user:authentication [2014/06/16 05:24] – external edit 127.0.0.1
en:user:authentication [2023/03/13 01:46] (current) – external edit 127.0.0.1
Line 1: Line 1:
-====== Authentication in Greenstone ====== 
-Greenstone software comes equipped with an authentication system.  
  
-<TABAREA tabs="Greenstone3,Greenstone2"> 
-<TAB> 
-To access this facility, click the **Login** button in the  
-upper right corner of the interface and enter your username and password (the default is "admin" 
-and "admin"). 
  
-For more information on security in Greenstone 3, refer to [[http://wiki.greenstone.org/doku.php?id=en:user_advanced:security|Security in Greenstone Collections]] 
-</TAB> 
-<!-- #################################################################################################### 
-#################################################################################################### 
-################################################################################--> 
-<TAB> 
-<!-- id:582 -->To access this facility, click the appropriate link on the front page. 
  
-<!-- id:583 -->The entry page gives information about each of the collections offered by the system.  +====== Authentication in Greenstone ====== 
-Note that //all// collections are included—for there may be “private” ones that do not appear on the  +The Greenstone software comes equipped with an authentication system. Users can "Register" in the system, and can then access protected parts of the librarysuch as remote collection editingonline document editing (greenstone 3and protected collections.
-Greenstone home page. With each is given its short namefull name, whether it is publicly displayed, +
- and whether or not it is running. Clicking a particular collection's abbreviation brings up information about  +
-that collectiongathered from its collection configuration file and from other internal +
- structures created for that collection. If the collection is both public and running +
-clicking the collection's full name (the second linktakes you to the collection itself.+
  
-<!-- id:585 -->The administrative facility also presents configuration information about  +A special type of user called an "administrator" is able to manage usersAnyone can register as a user, but only administrators can assign groups to that user. Groups control which collections/activities a user is allowed access to.
-the installation and allows it to be modified. It facilitates examination of the error  +
-logs that record internal errors, and the user logs that record usageIt enables  +
-specified user (or users) to authorize others to build collections and add new material  +
-to existing ones.+
  
  
-===== <!-- id:599 -->User management =====+For more information on security in Greenstone 3, refer to [[http://wiki.greenstone.org/doku.php?id=en:user_advanced:security|Security in Greenstone Collections]]
  
-<!-- id:600 -->Greenstone incorporates an authentication scheme which can be used to control  
-access to certain facilities. This is used to restrict the people  
-who are allowed to access certain administration pages and allow for private collections/documents.  
  
-Authentication is done by requesting a user name and password. 
  
-<!-- id:601 -->From the administration page users can be listed, 
- new ones added, and old ones deleted.  
-The ability to do this is of course also protected:  
-only users who have administrative privileges can add new users. 
- It is also possible for each user to belong to different “groups”. 
- At present, the only extant groups are “administrator” and “colbuilder”.  
-Members of the first group can add and remove users, and change their groups. 
- Members of the second can access the facilities described above to build new  
-collections and alter (and delete) existing ones. 
  
-<!-- id:602 -->When Greenstone is installed, there is one user called //admin// who belongs  
-to both groups. The password for this user is set during the installation process (If you 
-did not set a password during installation, the admin login will default to  
-username = //admin//, password = //admin//).  
-This user can create new names and passwords for users who belong just to the  
-//colbuilder// group, which is the recommended way of giving other users the ability  
-to build collections. User information is recorded in two databases that are placed in  
-the Greenstone file structure (see the //Greenstone Digital Library Developer's Guide//). 
  
-=====Forgotten Password===== +=====User management =====
-(With instructions by Diego Spano.)+
  
-User account details are stored in etc/users.gdb.+Greenstone's user database is controlled by Administration Pages in the library. Admin users (users with the 'administrator' group set) can list users, edit their details (including which groups they belong to) and delete or create new onesIn addition, in greenstone 3, anyone can register themselves as a new user (although an administrator needs to set their groups).
  
-There are several ways in which to reset your admin account'password. If you have the admin account's authentication details, you can reset the password for other users.+Authentication of users is done by requesting a user name and password.
  
-**Option 1**+The current list of predefined groups is as follows:
  
-In greenstone/bin/script you have a perl script called "csv-usernames-to-db.pl". This program converts username details (passwordgroup information etc) into the format used by Greenstone, and stores them in etc/users.gdb.+   ***administrator**: Gives permission to access and change site configuration and user accounts. 
 +   ***personal-collections-editor**: Gives permission to create new personal collections 
 +   * **<collection-name>-collection-editor**: Gives permission to create and edit the "collection-name" collectionfor examplereports-collection-editor. 
 +   * **all-collections-editor**: Gives permission to create new personal and global collections and edit all collectionsAlso gives permission to use the Collector (Greenstone 2).
  
-Do the following:+In addition, any custom group name can be used.
  
-1Create text file named myusers.csv and add the following line inside: +When Greenstone is installed, there is one user called //admin// who belongs  
-<code>Tom,123456,administrator</code>+to both the administrator and all-collections-editor groupsThe password for this user is set during the installation process (If you 
 +did not set password during installation, the admin login will default to  
 +username = //admin//password = //admin//). 
  
-2. open a terminal+For more details about user management, see the appropriate page for your Greenstone: 
 +  * [[en:user_advanced:gs3_user_management|Greenstone 3 User Management]] 
 +  * [[en:user_advanced:gs2_user_management|Greenstone User Management]]
  
-3. move to Greenstone root folder.+===== Collection Security =====
  
-4Run setup.bat (Windows) or setup.bash+Collections can be made public or privateAdditionally they can be password protected so that only users who belong to specified groups can access themOr collections can be public with the exception of a few specified documents in that colleciton, which require a username and password to access.
  
-5Run "perl -S csv-usernames-to-db.pl /path_to_file/myusers.csv"+See the [[en:user_advanced:security|Security in Greenstone Collections]] page for more details about this.
  
-With this script you will create a user named Tom, with password "123456" that belongs to administrator´s group. Log in with Tom and now you will be able to edit admin user and change his password. This way you will not delete all the other users you had defined previously.+===== Additional features =====
  
-**Option 2**+Once you have authenticated users, you can use features such as: 
 +  [[en:user:user_comments|User Comments]] - if this is enabled for a collection, logged in users can add comments to a document. 
 +  [[en:user_advanced:web_editor|Online Document Editing]] - In greenstone 3 you can enable web editing for documents. Here authenticated users (with collection editing privileges) can modify the metadata or text content of a document.
  
-1. If you're admin, then open a terminal. To set the admin password on Linux, you can run: 
-<code>./gsicontrol.sh configure-admin</code> 
-and on Windows: 
-<code>gsicontrol.sh configure-admin</code> 
  
-2. If your admin account is working fine, then make sure you've enabled the Administration pages. You can do this by opening etc/main.cfg in a text editor and changing the line that says: 
-<code>status    disabled</code> 
-to 
-<code>status    enabled</code> 
  
-3. Go to your Greenstone home page, click on the //Administration Page// button and, in the page that then loads, click on the //List Users// link to the left. 
- 
-4. Login with the admin account. Then select the user whose password you want to reset by pressing the Edit button and filling in the new details. 
- 
-**Option 3** 
- 
-Delete the file greenstone/etc/users.gdb. Then go to admin page and log in with user admin. The password now defaults to "admin". Once logged in you can change your password. With this method you get access to the system but you are deleting all the other users you had defined. 
- 
- 
-=====Password Protection===== 
- 
-==== Private Collections ==== 
-This feature is not currently available through the Librarian Interface. Please close the collection if it is open in the Librarian Interface. Edit the GSDLHOME/collect/<collname>/etc/collect.cfg file, and add the following lines: 
- 
- authenticate collection 
- auth_groups <groupname> [<groupname> ...] 
- 
-You may have to restart the Greenstone server for the changes to take effect. 
- 
-The **auth_groups** line specifies the user group(s) which have access to the documents. To access a protected collection, a person must have a user name and password, and this user name must belong to one of the specified groups. See below for how to add new users and set their groups. 
- 
-**IMPORTANT NOTE:** In Greenstone 2.82 and earlier, use **auth_group** instead of auth_groups (both will still be recognised in later Greenstone versions). 
-==== Private Documents ==== 
- 
-It is possible to password-protect specific documents in your collection. 
- This feature is not currently available through the Librarian Interface. Please close the collection if it is open in the Librarian Interface. Edit the GSDLHOME/collect/<collname>/etc/collect.cfg file, and add the following lines: 
- 
- authenticate document 
- auth_groups <groupname> [<groupname> ...] 
- 
-The **auth_groups** line specifies the user group(s) which have access to the documents. To access a protected collection, a person must have a user name and password, and this user name must belong to one of the specified groups. See below for how to add new users and set their groups. 
- 
-**IMPORTANT NOTE:** In Greenstone 2.82 and earlier, use **auth_group** instead of auth_groups (both will still be recognised in later Greenstone versions). 
- 
-Then add **either** of the following two lines: 
- private_documents <oid> [<oid> ...] 
- public_documents <oid> [<oid> ...] 
- 
-These two lines specify a list of document identifiers (ex.Identifier in the Enrich pane). Using **private_documents**, all specified documents will be password protected, while any others are freely accessible. Using **public_documents**, all specified documents will be freely available, with all others password protected. 
- 
- 
-=====Creating a new user===== 
- 
-You need to use the administration facility. You can access the administration page by clicking the **Administration Page** button on the home page of your Greenstone installation. If this is not present, enable it by setting **status** to **enabled** in the GSDLHOME/etc/main.cfg file. 
- 
-From the administration page you can list users and add new users by clicking the links down the left hand side of the page. You will need to use the admin account that was set up when you installed Greenstone. 
- 
-You can change the properties of an existing user by clicking the edit link from the list users page.  
- 
-If you are adding users to access a protected collection, make sure you add the required group into the groups field. 
- 
- 
- 
-=====Usage information===== 
- 
-You can enable usage logging by setting the logcgiargs option to true in greenstone/etc/main.cfg. This saves a log in greenstone/etc/usage.txt. The log entry is basically a list of cgi arguments. One entry is generated for each page request to the library. 
- 
-You can find out what the cgi arguments mean by going to the Administration page of your Greenstone installation, or from [[en:urls| this page]]. 
- 
-===== User Comments ===== 
- 
-If you enable comments for your library, library users with accounts are able to add comments 
-to the document pages of collections. 
- 
-To allow users to view and add comments to documents: 
-  - In the Format Features section of the Format pane of GLI, go to the Choose Feature dropdown and select AllowUserComments.  
-  - Press the Add Format button to add this to the list of active Format Features for your collection.  
-  - Select the AllowUserComments option that is now in the list and then tick its Enabled button to activate it.  
-  - Press the Preview button and visit a document of your collection.  
-It should now provide a small "Add comment" link at the bottom. Users need to have accounts in your digital library in order to add their own comments, but existing comments once added can be seen by all. 
  
  
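Review bot: The added "User management" text keeps the statement that the //admin// login defaults to username admin, password admin when no password was set at install, and now says this account belongs to both the administrator and all-collections-editor groups, but the revision removes every instruction for changing that password (the "Forgotten Password" options, including gsicontrol.sh configure-admin). Suggest adding a sentence directly after that paragraph telling the reader to set a non-default admin password, with a pointer to the user management page that explains how. The same applies to the new sentence that anyone can register as a user in Greenstone 3: it would help to state here whether a newly registered user with no groups can reach anything beyond public content. The removed "Password Protection" details (authenticate collection, auth_groups, and the note that Greenstone 2.82 and earlier use auth_group) and the removed "Usage information" section (logcgiargs, etc/usage.txt) should be confirmed to exist on the linked pages; the usage logging section has no link replacing it in the new text. Minor: the added "Collection Security" paragraph has the typo "colleciton", and "greenstone 3" is lower-case in several added lines where the rest of the page writes "Greenstone 3".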
Line 171: Line 57:
  
   * The [[http://www.nzdl.org/cgi-bin/library?a=p&amp;p=about&amp;c=authen-e|Formatting and Authentication]] demo collection uses authentication.   * The [[http://www.nzdl.org/cgi-bin/library?a=p&amp;p=about&amp;c=authen-e|Formatting and Authentication]] demo collection uses authentication.
- 
-</TAB></TABAREA> 
  
en/user/authentication.1402896260.txt.gz · Last modified: 2016/06/28 06:04 (external edit)