Marcus Kazmierczak wrote:
> We are currently using a single sign on system which sets the HTTP_AUTH variable via an Apache plugin. I have a requirement to tie this into the MediaWiki tool. Plus I need to have auto login, since the users all must be authenticated before accessing the wiki tool.
> After trying unsuccessfully to use the AuthPlugin.php piece, I came up with a hack which appears to work.
I'd rather you suggest necessary changes to AuthPlugin so we can support this cleanly. Adding a callback hook for authentication checks when no session is open would likely be appropriate. This would probably be called from User::loadFromSession() in place of calling the default User constructor.
> The change is in the includes/Setup.php file, by changing the _SERVER["REMOTE_ADDR"] to _SERVER['HTTP_AUTH']
This would simply cause an unauthenticated user's edits to be recorded with their name in place of their IP address, but without any connection to their user account.
Watchlist and preferences would not work, and on creating an account by the same name, any edits with the original name would be obscured in Special:Contributions (as would any later edits done when not explicitly logged in through the wiki). A user with sysop privileges would, for instance, still have to separately log in to use them, as would any user have to log in to rename pages, mark edits as minor, or, if $wgWhitelistEdit is on, to edit anything.
This may also cause oddities if recording of IP addresses of user edits in the recentchanges table is enabled.
Can you confirm these problems, or have you worked around them somehow?
-- brion vibber (brion @ pobox.com)