Authentication


 * Suggestion I: LDAP Authentication
 * by Ryan Lane


 * Suggestion II: Web server Authentication, and PHP/Pear::Auth. that solves the problem with LDAP authentication because if your webserver can LDAP/PAM whatever
 * by Bill Clark

Comments by Ryan (published with his permission) --Tom Gries mail 20:20, 4 Nov 2004 (UTC)

It seems to me that our patches are somewhat independent, and use different options in LocalSettings.php. I believe our ideas are two separate but equally useful ones. Bill's idea is to have a webserver (which can already do authentication of various types) authenticate for the wiki, whereas my patch with work with LDAP servers directly and can handle multiple domains simultaneously. My patch also gives the option of using the local database as well as LDAP servers incase a user cares to use the wiki for a transition period, or does not want a user to have an account in LDAP. The use of either patch would depend on what the end user's network (and management/system admins) allow.

If any of us can think of a good way to combine these patches, I'm all for it, but I'm truthfully somewhat ignorant on using webservers for authentication, and the way we could merge these patches in such a way that we would have one set of options in LocalSettings.php that would allow both methods to be used usefully.

I don't personally see a problem with having three different options for authentication though


 * 1) local database (default),
 * 2) Web Server authentication (Bill's patch), and
 * 3) LDAP Authentication (my patch),
 * 4) Auto-login / Auto-account-creation by hostname for intranet MediaWikis (patch and flowchart) based on
 * 5) hostname detection with php: gethostbyaddr and/or
 * 6) NTLM authentication to detect a logged-in Windows user by using NTLM HTTP Authentication, see NTLM and http://modntlm.sourceforge.net and http://modntlm.jamiekerwick.co.uk/

as they seem like separate ideas.

I have put some short documentation at LDAP_Authentication and I have linked to it from the roadmap.

Ryan Lane