session_start();
if ((!empty($_SERVER['PHP_AUTH_USER']) &&
!empty($_SERVER['REMOTE_USER'])) || $_COOKIE['fpwiki_en_UserID']) {
require_once("$IP/extensions/HttpAuthPlugin.php");
$wgAuth = new HttpAuthPlugin();
$wgHooks['UserLoadFromSession'][] =
array($wgAuth,'autoAuthenticate');
}
This looks kind of strange. That if line is saying "if the user is
authenticated by the web server, or the user has a cookie set, enable the
plugin". I think that $_COOKIE['fpwiki_en_UserID'] part is wrong. The
cookies assigned by your wiki wouldn't likely be 'fpwiki_en_UserID'; Try:
$_COOKIE[$wgDBserver . "UserID"]
Which, I think, is the default way MediaWiki sets cookies.
That said, I really don't even understand the point of the if statement or
the session_start() line. Why isn't the plugin doing this stuff for you?
I then added the following lines to http.conf:
<Location /w/Special:UserLogin>
AuthType "basic"
AuthName "wiki"
AuthPAM_Enabled on
AuthPAM_FallThrough Off
SSLRequireSSL
Require valid-user
</Location>
This looks fine.
The result is that when users visit Special:UserLogin,
they
get a pop-up screen and must authenticate using PAM. They
can then see the Special:UserLogin screen and must login
again (which isn't compared to our external database). This
isn't quite what I wanted. I am new to Apache and web
administration. Does anyone have any advice?
I'm very much betting it's that cookie line...
V/r,
Ryan Lane