Marcus Kazmierczak wrote:
> We are currently using a single sign on system
> which sets the HTTP_AUTH variable via an Apache
> plugin. I have a requirement to tie this into
> the MediaWiki tool. Plus I need to have auto
> login, since the users all must be authenticated
> before accessing the wiki tool.
>
> After trying unsuccessfully to use the AuthPlugin.php
> piece, I came up with a hack which appears to work.

I'd rather you suggest necessary changes to AuthPlugin so we can support
this cleanly. Adding a callback hook for authentication checks when no
session is open would likely be appropriate. This would probably be
called from User::loadFromSession() in place of calling the default User
constructor.

> The change is in the includes/Setup.php file, by
> changing the _SERVER["REMOTE_ADDR"] to _SERVER['HTTP_AUTH']

This would simply cause an unauthenticated user's edits to be recorded
with their name in place of their IP address, but without any connection
to their user account.

Watchlist and preferences would not work, and on creating an account by
the same name, any edits with the original name would be obscured in
Special:Contributions (as would any later edits done when not explicitly
logged in through the wiki). A user with sysop privileges would for
instance still have to separately log in to use them, as would any user
have to log in to rename pages, mark edits as minor, or, if
$wgWhitelistEdit is on, to edit anything.

This may also cause oddities if recording of IP addresses of user edits
in the recentchanges table is enabled.

Can you confirm these problems, or have you worked around them somehow?

-- brion vibber (brion @ pobox.com)