Here is a patch to includes/User.php to allow password checking via a remote webserver. We're using it here to authenticate against our Kerberos server via a connection to an Apache vhost on localhost running mod_auth_kerb, but I've generalized the code so it should work against any webserver you specify.
To enable it, add something like the following to LocalSettings.php:
$wgRemotePasswordCheck = true;
$wgRemotePasswordServer = "localhost";
$wgRemotePasswordPort = 80;
Patch:
--- mediawiki-1.3.7/includes/User.php Thu Sep 23 11:41:57 2004 +++ wiki-bioterm/includes/User.php Tue Oct 26 17:32:04 2004 @@ -722,6 +722,7 @@
# Check to see if the given clear-text password is one of the accepted passwords function checkPassword( $password ) { + global $wgRemotePasswordCheck, $wgRemotePasswordServer, $wgRemotePasswordPort; $this->loadFromDatabase(); $ep = $this->encryptPassword( $password ); if ( 0 == strcmp( $ep, $this->mPassword ) ) { @@ -733,6 +734,24 @@ # Check for this with iconv $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252', $password ) ); if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) { + return true; + } + } + if ( $wgRemotePasswordCheck ) { + $lower = strtolower( $this->mName ); + $credentials = $lower . ":" . $password; + $out = "GET / HTTP/1.1\r\n"; + $out .= "Host: $wgRemotePasswordServer\r\n"; + $out .= "Authorization: Basic " . base64_encode($credentials) . "\r\n\r\n"; + $fp = fsockopen( $wgRemotePasswordServer, $wgRemotePasswordPort, $errno, $errstr, 30 ); + if( !$fp ) { + echo "$errstr ($errno)<br>"; + } else { + fwrite( $fp, $out ); + $test = fgets( $fp, 128); + fclose( $fp ); + } + if( 0 == strcmp( $test, "HTTP/1.0 200 OK\r\n" ) ) { return true; } }
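Review bot: In the second hunk, the fsockopen failure branch echoes "$errstr ($errno)<br>" into the page from inside checkPassword(), which shows connection error details to whoever is logging in; log the error instead of echoing it. On that same path $test is never assigned, so the following strcmp( $test, ... ) reads an undefined variable; initialise $test to an empty string before the fsockopen call so that a failed connection is an explicit rejection.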
Oops.. removed some debugging code.
Better patch:
--- mediawiki-1.3.7/includes/User.php Thu Sep 23 11:41:57 2004 +++ wiki-bioterm/includes/User.php Tue Oct 26 23:06:54 2004 @@ -722,6 +722,7 @@
# Check to see if the given clear-text password is one of the accepted passwords function checkPassword( $password ) { + global $wgRemotePasswordCheck, $wgRemotePasswordServer, $wgRemotePasswordPort; $this->loadFromDatabase(); $ep = $this->encryptPassword( $password ); if ( 0 == strcmp( $ep, $this->mPassword ) ) { @@ -733,6 +734,22 @@ # Check for this with iconv $cp1252hash = $this->encryptPassword( iconv( 'UTF-8', 'WINDOWS-1252', $password ) ); if ( 0 == strcmp( $cp1252hash, $this->mPassword ) ) { + return true; + } + } + if ( $wgRemotePasswordCheck ) { + $lower = strtolower( $this->mName ); + $credentials = $lower . ":" . $password; + $out = "GET / HTTP/1.1\r\n"; + $out .= "Host: $wgRemotePasswordServer\r\n"; + $out .= "Authorization: Basic " . base64_encode($credentials) . "\r\n\r\n"; + $fp = fsockopen( $wgRemotePasswordServer, $wgRemotePasswordPort, $errno, $errstr, 30 ); + if( $fp ) { + fwrite( $fp, $out ); + $test = fgets( $fp, 128); + fclose( $fp ); + } + if( 0 == strcmp( $test, "HTTP/1.0 200 OK\r\n" ) ) { return true; } }
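Review bot: The success test in the second hunk compares the first response line to the exact string "HTTP/1.0 200 OK\r\n" although the request is sent as "GET / HTTP/1.1", so a server that answers with an HTTP/1.1 status line is never accepted; split the status line and compare only the status code against 200. The request also carries the user's password as Basic credentials over a plain fsockopen connection to whatever $wgRemotePasswordServer names, which stays off the network only when that host is localhost as in the setup described, so the setting should be documented as loopback-only or the connection made over TLS. A user name containing ":" would shift the user/password boundary in $credentials and should be rejected before the request is built.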
wikitech-l@lists.wikimedia.org