I want REMOTE_USER since I am using Apache to require login if the user is not coming from the local network. But I don't want to have them log in twice. Essentially in psuedocode;
if user is on a remote network: deny access without login (through htauth) prompt for login on success, pass login to MW else provide read only access make login for read-write possible
I don't think I can use both the remote auth module and ldap auth on the same MW instance without hacks.
David
On 7 September 2013 13:59, vitalif@yourcmc.ru wrote:
"Local" users are on an identified network address range (via
.htaccess) and "remote" users are anyone who's not "local." In both cases they have accounts. The problem is Apache won't pass REMOTE_USER if the directory is considered to not require auth, which I need to have the site read-only for logged in local users. The only thing I've been able to come up with is to duplicate the MW instance using the same database at a different locations, but that means people will be using different URLs. I also set up a scheme where a directory requiring htauth login stores REMOTE_USER in a session variable then bounces them back, but it required further hacks and I'd prefer something cleaner.
I don't understand why do you want REMOTE_USER at all? Is it because you use Apache authentication modules - some kind of domain autologin? (and what kind?) And if it isn't automatic, if it's just HTTP LDAP authentication using login and password - why you don't use http://www.mediawiki.org/wiki/** Extension:LDAP_Authenticationhttp://www.mediawiki.org/wiki/Extension:LDAP_Authentication ?
______________________________**_________________ Mediawiki-enterprise mailing list Mediawiki-enterprise@lists.**wikimedia.orgMediawiki-enterprise@lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/mediawiki-**enterprisehttps://lists.wikimedia.org/mailman/listinfo/mediawiki-enterprise