).
Many organizations are going to smart cards, and use LDAP for
authentication. Thomas and I are working on integrating his email
notification with my LDAP patch, maybe I'll be able to integrate this as
well.
Ryan Lane
Naval Oceanographic Office
-----Original Message-----
From: wikitech-l-bounces(a)wikimedia.org
[SMTP:wikitech-l-bounces@wikimedia.org] On Behalf Of Frank Wales
Sent: Thursday, February 17, 2005 11:23 PM
To: Wikimedia developers
Subject: [Wikitech-l] Client certificate-based user login mechanism
On Wed, 2005-02-16 at 07:20 +0100, Thomas Gries wrote:
I have such a patch for loadFromSession() see
http://bugzilla.wikimedia.org/show_bug.cgi?id=1360 Auto-login /
Auto-account-creation by hostname for intranet MediaWikis. The patch
code itself has not yet been uploaded but is rather short.
Brion and Marcus: let me know, if you are interested - pls .study for
this the text on the bugzilla; then I would revisited my code and upload
the patch as a diff.
In related news, I've just written a first working version of a patch
to loadFromSession() which logs you in as the Common Name from a
client certificate presented by your browser as part of the SSL
handshake to a secure Apache server. Not very elegant yet, but
it seems to work okay. In effect, it punts the problem of
getting the user's credentials up to Apache, but for what we're
doing, that makes more sense anyway.
My questions are:
1) anyone interested in the patch (with documentation on how
to set up Apache to pass in the bits MW needs, etc., once
I get the time to scribble some down)?
2) ought I to append it to Thomas's bug #1360 discussion, or
should this go elsewhere?
Note that I'm still in the middle of tweaking this for production
use, and since I only started looking at MW's code a few hours
ago, I probably have some cleaning up to do before it's very
presentable.
But I'm happy to toss it out with some notes anyway for comment,
especially if it turns out that I'm doing something majorly wrong.
--
Frank Wales [frank(a)limov.com]
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/wikitech-l