session_start(); if ((!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['REMOTE_USER'])) || $_COOKIE['fpwiki_en_UserID']) { require_once("$IP/extensions/HttpAuthPlugin.php"); $wgAuth = new HttpAuthPlugin(); $wgHooks['UserLoadFromSession'][] = array($wgAuth,'autoAuthenticate'); }
This looks kind of strange. That if line is saying "if the user is authenticated by the web server, or the user has a cookie set, enable the plugin". I think that $_COOKIE['fpwiki_en_UserID'] part is wrong. The cookies assigned by your wiki wouldn't likely be 'fpwiki_en_UserID'; Try:
$_COOKIE[$wgDBserver . "UserID"]
Which, I think, is the default way MediaWiki sets cookies.
That said, I really don't even understand the point of the if statement or the session_start() line. Why isn't the plugin doing this stuff for you?
I then added the following lines to http.conf: <Location /w/Special:UserLogin> AuthType "basic" AuthName "wiki" AuthPAM_Enabled on AuthPAM_FallThrough Off SSLRequireSSL Require valid-user
</Location>
This looks fine.
The result is that when users visit Special:UserLogin, they get a pop-up screen and must authenticate using PAM. They can then see the Special:UserLogin screen and must login again (which isn't compared to our external database). This isn't quite what I wanted. I am new to Apache and web administration. Does anyone have any advice?
I'm very much betting it's that cookie line...
V/r,
Ryan Lane