There are a bunch of these web server authentication plugins that all mostly suck. Web server authentication would be fairly easy to add to core, with a minimal amount of change. The auto-auth code does nearly everything required of web server authentication, except the things that extensions *really* shouldn't be doing, like adding users to the database, and checking sessions.
Would anyone object if I add this support to core?
-----Original Message----- From: mediawiki-l-bounces@lists.wikimedia.org [mailto:mediawiki-l-bounces@lists.wikimedia.org] On Behalf Of Tolliver Sent: Wednesday, May 05, 2010 7:59 AM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] New 1.15.3 install
Hello Platonides,
Performed the following:
- Created Auth_remoteuser.php from the code at
(http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER#Code)
- Ensured the permissions where correct on the new extension
- Replaced Auth_remoteuser.php
- Run php update.php --aconf ../AdminSettings.php
Received the error again: PHP Notice: Undefined index: REMOTE_USER in /appl/web/devwiki/public_www/mediawiki-1.15.3/extensions/Auth_ remoteuser.php on line 195
Line 195 of Auth_remoteuser.php if ( strlen($_SERVER['REMOTE_USER']) )
Thanks again.
Platonides wrote:
Tolliver wrote:
Hello Platonides,
I ran update.php again, and I got and error that I hadn't
previously
noticed: PHP Notice: Undefined index: PHP_AUTH_USER in
/appl/web/devwiki/public_www/mediawiki-1.15.3/extensions/Auth_ remoteuser.php
on line 92
This is line 92 of Auth_remoteuser.php:
- line 92 = if ( strlen($_SERVER['PHP_AUTH_USER']) ) {
You suggested that I Update my AutomaticREMOTE_USER
extension, but I
didn't have that extension for 1.11.0.
Thank you.
Auth_remoteuser.php doesn't seem to be the last version.
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
MediaWiki-l mailing list MediaWiki-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
I think it would be good to have that in the core so people know the auth is safe and up to date.
We have a lot of extensions, most of them are already broken, or will be broken when 1.16 is released.
And the extensions that still work are really bad, they don't let ano users edit, or they need to disable user registration. (LDAP works good btw)
I think it would be very good to have a basic auth function in mediawiki.
Best regards,
On Thu, May 6, 2010 at 9:09 AM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
There are a bunch of these web server authentication plugins that all mostly suck. Web server authentication would be fairly easy to add to core, with a minimal amount of change. The auto-auth code does nearly everything required of web server authentication, except the things that extensions *really* shouldn't be doing, like adding users to the database, and checking sessions.
Would anyone object if I add this support to core?
I'd rather see an RFC written up with where we want to go with user auth. I know your idzeas differ from Aryeh's work on the issue, so I'd rather see all that stuff worked out before more code gets put in core.
Just my opinion though.
-Chad
I'd rather see an RFC written up with where we want to go with user auth. I know your idzeas differ from Aryeh's work on the issue, so I'd rather see all that stuff worked out before more code gets put in core.
Just my opinion though.
I was planning on extending the current auto-auth code to support normal core features like session checking and user creation. I can draft up an RFC though. It'll be a good exercise for some of the future auth changes I want to make ;).
V/r,
Ryan Lane
On Thu, May 6, 2010 at 9:09 AM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
There are a bunch of these web server authentication plugins that all mostly suck. Web server authentication would be fairly easy to add to core, with a minimal amount of change. The auto-auth code does nearly everything required of web server authentication, except the things that extensions *really* shouldn't be doing, like adding users to the database, and checking sessions.
Would anyone object if I add this support to core?
Core is where this stuff should be, IMO. And if any improvements to ExternalAuth would be handy, feel free to make them too!
On Thu, May 6, 2010 at 9:43 AM, Chad innocentkiller@gmail.com wrote:
I'd rather see an RFC written up with where we want to go with user auth. I know your idzeas differ from Aryeh's work on the issue, so I'd rather see all that stuff worked out before more code gets put in core.
Just my opinion though.
I'm pretty sure the result of our discussion was we basically agree on everything important. :) It's just a matter of implementing it. Our discussion was mostly a matter of clarifying our different assumptions (typical web app auth vs. LDAP auth). Even if there were disagreement about how ExternalAuth should be extended to handle a greater variety of backends, that shouldn't block progress on adding new backends like HTTP auth that don't require extension of the basic model to work right.
wikitech-l@lists.wikimedia.org