On 1/4/11 12:51 PM, Platonides wrote:
I don't see how FS authentication is useful
there.
All authentication would be performed by mediawiki, with a master
credential such as $wgDBpassword. MediaWiki shouldn't need to send the
media server a user password!
Nobody said we'd be sending user passwords over to a media server. Most
of the time, even regular MediaWiki servers don't need to see passwords.
They just need some means to authenticate the session cookie.
But like I said we don't have very firm plans about how we would do
authentication.
(NB sysops should be able to remove goatses from forum
avatars...)
Yeah. Avatars can be tricky. Also to be pedantically correct you want to
have some guard against impersonation (using same icon, and maybe adding
unicode space characters or other trivial changes to username).
--
Neil Kandalgaonkar <neilk(a)wikimedia.org>