Hi Anthony
I realize this is much, much, later, but I thought a late response might be better than no response. The Mediawiki authentication code is twisted and complex, and also changed a lot (for the better!) with 1.4. So when my group upgraded, I scrapped the modifications I had made. Instead, I used mod_auth_mysql in apache to check auth-basic credentials against the wiki's user table. Here are the apache <Directory> blocks I use to do it:
<Directory /var/www/html/wiki> SSLRequireSSL Order allow,deny
Satisfy Any Allow from all </Directory> <Directory /> SSLRequireSSL # SSLRequire %{SSL_CIPHER_USERKEYSIZE}>=128 Order deny,allow Deny from all
AuthName "Members Only" AuthType Basic AuthMySQLHost localhost AuthMySQLUser dbusername AuthMySQLPassword dbpassword AuthMySQLDB wikidb1 AuthMySQLUserTable user AuthMySQLNameField user_name AuthMySQLPasswordField user_password AuthMySQLMD5Passwords On AuthMySQLNoPasswd Off AuthMySQLAuthoritative On
AllowOverride AuthConfig
Require valid-user </Directory>
This makes the wiki rely on it's own authentication for security, but protects the rest of the site with the same logins. So, you do need to make some changes to the wiki's configuration.
This is a good starting point for info on how to do this: http://meta.wikimedia.org/wiki/Preventing_Access
You will also need to remove the salting algorithm that mediawiki uses to increase the security of their password by adding this to the LocalSettings.php file: # So that mod_auth_mysql can understand passwords too $wgPasswordSalt = false;
This WILL invalidate all your passwords! But, now people can manage their access to the site using MediaWiki's account creation tools. So they can have the wiki mail them a temporary password, if it has their email.
I'll copy to the list as well, as a few similar questions have been generated by that post.
On 8/17/05, Anthony McKernan Anthony.McKernan@newcastle.ac.uk wrote:
David Cameron,
i just read your post at
http://mail.wikipedia.org/pipermail/mediawiki-l/2005-February/003629.html
i want to do the same thing but i tried your code but i got few errors. I was wondering if you could send me a patch to do this. Are guide me on how i go about protecting a whole wiki site in apache with AuthBasic.
cheers
Anthony
mediawiki-l@lists.wikimedia.org