AuthPlugin

Authentication plugin interface.

Existing authentication plugins
There already exist authentication plugins for many cases like IMAP, LDAP and more. Category:User identity extensions lists these extensions.

Creating new authentication plugins
If you need to write your own plugin, see the source doc at MediaWiki Source Documentation (see also the latest source code)

Instantiate a subclass of AuthPlugin and set $wgAuth to it to authenticate against some external source.

The default behavior is not to do anything, and use the local user database for all authentication. A subclass can require that all accounts authenticate externally, or use it only as a fallback; also you can transparently create internal wiki accounts the first time someone logs in who can be authenticated externally.

Some notes missing in the source doc:
 * The username is translated by MediaWiki before it is passed to the function: First letter becomes upper case, underscore '_' become spaces ' '.
 * If autoCreate returns true (MediaWiki should create a local account for the user) updateExternalDB( $user ) is called anyway. I guess this is to allow the plugin to synchronize the user settings with the external database. updateExternalDB must return true to make MediaWiki store the settings in the local account.
 * AuthPlugin->userExists(...) is not called when the user has already been stored in the wiki DataBase.

External Sessions
In order to check the login status against some external session management scheme, use the AutoAuthenticate hook (MediaWiki 1.5 - 1.12) or UserLoadFromSession (since MediaWiki 1.13). This can be used to implement a single-signon setup, in addition to simple account sharing.