Hi folks,
My sites have Apache web servers that support authentication through MIT Kerberos (using mod-auth-kerb). If my users have MediaWiki login names that match their Kerberos principal names, is it possible to set up Kerberos authentication for their MediaWiki accounts?
Thanks,
Jaap
Jaap Winius wrote:
My sites have Apache web servers that support authentication through MIT Kerberos (using mod-auth-kerb). If my users have MediaWiki login names that match their Kerberos principal names, is it possible to set up Kerberos authentication for their MediaWiki accounts?
yes it is ?
https://www.mediawiki.org/wiki/Extension:LDAP_Authentication/Kerberos_Config...
http://www.gossamer-threads.com/lists/wiki/mediawiki/154119 http://www.chipnick.com/blog/2012/02/02/kerberos-apache-and-mediawiki/
svetlana
Quoting svetlana svetlana@fastmail.com.au:
yes it is ?
Regarding "Extension:LDAP Authentication/Kerberos Configuration Examples", the description for it includes:
"If you do not need LDAP support, and only need Kerberos support, this is not the extension for you; please see the HttpAuth extension"
However, "Extension:HttpAuth" hasn't been maintained since 2008 and no longer supports recent releases of MediaWiki. Luckily, the archived page for it states that "Extension:Auth remoteuser" can be used in its place. This looks promising and I'd like to try it out, but unfortunately when I attempt to download it there is an error:
Please configure $wgExtDistList and $wgExtDistArchiveAPI
This seems to be a bug, hopefully temporary. I'll try again later.
Thanks,
Jaap
On Aug 17, 2014 11:36 AM, "Jaap Winius" jwinius@umrk.nl wrote:
This looks promising and I'd like to try it out, but unfortunately when I
attempt to download it there is an error:
Please configure $wgExtDistList and $wgExtDistArchiveAPI
This seems to be a bug, hopefully temporary. I'll try again later.
Or subscribe to https://bugzilla.wikimedia.org/69644 and there should be a notification when it's fixed. (we usually don't deploy on weekends)
-Jeremy
Quoting Jaap Winius jwinius@umrk.nl:
Quoting svetlana svetlana@fastmail.com.au:
yes it is ?
... "Extension:Auth remoteuser" ... looks promising ...
See https://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER
Success! That was pretty easy, actually. About the trickiest part was figuring out how to set the REMOTE_USER variable in my Apache configuration (a little after the mod-auth-kerb authentication section, of course):
SetEnv REMOTE_USER $REDIRECT_REMOTE_USER
This is possible after enabling the 'env' module for Apache. After that, it all worked in one go.
Thanks!
Jaap
mediawiki-l@lists.wikimedia.org