I don't see anything there about a sysop having to authorise new users though...
I had to modify the schema and a bit of code to do this. I added a field to mw_cur: s_mem_type enum, with a default value of "non-member". I don't have web access to this field -- a DBA has to change it to some other state.
I'm sure I've seen some localsetting.php lines that enable this. Thanks for your input but it's way over my head!