[Mediawiki-l] Name and Password from PHP_AUTH

David Cameron dave.bc at gmail.com
Mon Sep 5 21:40:41 UTC 2005


Hi Anthony

I realize this is much, much later, but I thought a late response
might be better than no response. The MediaWiki authentication code is
twisted and complex, and also changed a lot (for the better!) with
1.4. So when my group upgraded, I scrapped the modifications I had
made. Instead, I used mod_auth_mysql in Apache to check auth-basic
credentials against the wiki's user table. Here are the Apache
<Directory> blocks I use to do it:

<Directory /var/www/html/wiki>
        SSLRequireSSL
        Order allow,deny

        Satisfy Any
        Allow from all
</Directory>
<Directory />
    SSLRequireSSL
    # SSLRequire %{SSL_CIPHER_USERKEYSIZE}>=128
    Order deny,allow
    Deny from all

    AuthName "Members Only"
    AuthType Basic
    AuthMySQLHost localhost
    AuthMySQLUser dbusername
    AuthMySQLPassword dbpassword
    AuthMySQLDB wikidb1
    AuthMySQLUserTable user
    AuthMySQLNameField user_name
    AuthMySQLPasswordField user_password
    AuthMySQLMD5Passwords On
    AuthMySQLNoPasswd Off
    AuthMySQLAuthoritative On

    AllowOverride AuthConfig

    Require valid-user
</Directory>

This makes the wiki rely on its own authentication for security, but
protects the rest of the site with the same logins. So, you do need to
make some changes to the wiki's configuration.

This is a good starting point for info on how to do this:
http://meta.wikimedia.org/wiki/Preventing_Access

You will also need to remove the salting algorithm that MediaWiki uses
to increase the security of their password by adding this to the
LocalSettings.php file:
# So that mod_auth_mysql can understand passwords too
$wgPasswordSalt = false;

This WILL invalidate all your passwords! But, now people can manage
their access to the site using MediaWiki's account creation tools. So
they can have the wiki mail them a temporary password, if it has their
email.

I'll copy to the list as well, as a few similar questions have been
generated by that post.

On 8/17/05, Anthony McKernan <Anthony.McKernan at newcastle.ac.uk> wrote:
> David Cameron,
> 
> I just read your post at
> 
> http://mail.wikipedia.org/pipermail/mediawiki-l/2005-February/003629.html
> 
> I want to do the same thing, but I tried your code and I got a few errors. I was
> wondering if you could send me a patch to do this.  Or guide me on how I go
> about protecting a whole wiki site in Apache with AuthBasic.
> 
> cheers
> 
> Anthony
> 
> 
> 

-- 
David Cameron
University of British Columbia
http://bar.psych.ubc.ca/People/Dave.html
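
Added example, not part of the original message and not MediaWiki or mod_auth_mysql code: a small Python model of why the salt has to be off for a plain-MD5 check against user_password, why switching invalidates existing passwords, and what is given up (identical passwords then store identical hashes). The salted form md5("<user_id>-" + md5(password)) is an assumption about MediaWiki of that era; the function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def mw_salted(user_id: int, password: str) -> str:
    # Assumed scheme with $wgPasswordSalt = true: hash is bound to the user id.
    return md5_hex(f"{user_id}-{md5_hex(password)}")

def mw_unsalted(password: str) -> str:
    # With $wgPasswordSalt = false the stored value is a bare MD5 hex digest.
    return md5_hex(password)

def basic_auth_accepts(stored_hash: str, submitted: str) -> bool:
    # Model of a plain-MD5 comparison against the password field, as the
    # AuthMySQLMD5Passwords setting implies; it knows nothing about user ids.
    return hmac.compare_digest(stored_hash, md5_hex(submitted))

# Constructed sample accounts: (user_id, user_name, password).
SAMPLE = [
    (1, "Alice", "correct horse"),
    (2, "Bob", "correct horse"),
    (3, "Carol", "tr0ub4dor"),
]

def build_table(salted: bool) -> dict:
    """Return {user_name: stored hash} as the wiki would have written it."""
    return {name: mw_salted(uid, pw) if salted else mw_unsalted(pw)
            for uid, name, pw in SAMPLE}

def logins_that_work(table: dict) -> list:
    """Users whose correct password passes the plain-MD5 check."""
    passwords = {name: pw for _, name, pw in SAMPLE}
    return sorted(n for n, h in table.items()
                  if basic_auth_accepts(h, passwords[n]))

def shared_hashes(table: dict) -> list:
    """Groups of users whose stored hashes are identical."""
    groups = defaultdict(list)
    for name, stored in table.items():
        groups[stored].append(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for salted in (True, False):
        table = build_table(salted)
        print("salted" if salted else "unsalted",
              logins_that_work(table), shared_hashes(table))
```

Rows written while the salt was on fail the plain-MD5 check even with the right password, which is why every account needs a reset after the switch.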
