Hi Anthony
I realize this is much, much, later, but I thought a late response
might be better than no response. The Mediawiki authentication code is
twisted and complex, and also changed a lot (for the better!) with
1.4. So when my group upgraded, I scrapped the modifications I had
made. Instead, I used mod_auth_mysql in apache to check auth-basic
credentials against the wiki's user table. Here are the apache
<Directory> blocks I use to do it:
<Directory /var/www/html/wiki>
SSLRequireSSL
Order allow,deny
Satisfy Any
Allow from all
</Directory>
<Directory />
SSLRequireSSL
# SSLRequire %{SSL_CIPHER_USERKEYSIZE}>=128
Order deny,allow
Deny from all
AuthName "Members Only"
AuthType Basic
AuthMySQLHost localhost
AuthMySQLUser dbusername
AuthMySQLPassword dbpassword
AuthMySQLDB wikidb1
AuthMySQLUserTable user
AuthMySQLNameField user_name
AuthMySQLPasswordField user_password
AuthMySQLMD5Passwords On
AuthMySQLNoPasswd Off
AuthMySQLAuthoritative On
AllowOverride AuthConfig
Require valid-user
</Directory>
This makes the wiki rely on it's own authentication for security, but
protects the rest of the site with the same logins. So, you do need to
make some changes to the wiki's configuration.
This is a good starting point for info on how to do this:
http://meta.wikimedia.org/wiki/Preventing_Access
You will also need to remove the salting algorithm that mediawiki uses
to increase the security of their password by adding this to the
LocalSettings.php file:
# So that mod_auth_mysql can understand passwords too
$wgPasswordSalt = false;
This WILL invalidate all your passwords! But, now people can manage
their access to the site using MediaWiki's account creation tools. So
they can have the wiki mail them a temporary password, if it has their
email.
I'll copy to the list as well, as a few similar questions have been
generated by that post.
On 8/17/05, Anthony McKernan <Anthony.McKernan(a)newcastle.ac.uk> wrote:
David Cameron,
i just read your post at
http://mail.wikipedia.org/pipermail/mediawiki-l/2005-February/003629.html
i want to do the same thing but i tried your code but i got few errors. I was
wondering if you could send me a patch to do this. Are guide me on how i go
about protecting a whole wiki site in apache with AuthBasic.
cheers
Anthony
--
David Cameron
University of British Columbia
http://bar.psych.ubc.ca/People/Dave.html