[Mediawiki-l] Kerberos? (Re: Single-Login with Woltlab Burbing Board (Wbb)?

Peter Laws plaws at ou.edu
Wed Aug 15 20:15:11 UTC 2007

Lane, Ryan wrote:

>         http://www.mediawiki.org/wiki/Category:Authentication_and_Login

So the SSO hack we've been using on RHEL 3 and 4 (busted in RHEL 5!) to 
authenticate off of our AD infrastructure is to tell RHEL that the AD stuff 
is a Kerberos KDC.  Works pretty well - all I need to do is a useradd on 
the person's AD login it's maintenance free from there as far as I'm 
concerned plus I control just which AD users can get in.

Anyone doing something like this with MW 1.10?  I see 
http://www.mediawiki.org/wiki/Extension:LDAP_Authentication and that might 
do it, but I wasn't the one that came up with the scheme we use and don't 
know enough about AD and Kerberos to be able to do any necessary hacking.

I realize that I couldn't control who had an account (like having to do a 
useradd on RHEL), but I can probably do something similar via a group in AD.

Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu

+ Ranked 10th in PC Magazine's 2007 Top 20 Wired Campuses
+ Computerworld 2006 100 Best Places to Work in IT

More information about the MediaWiki-l mailing list