MediaWiki はページごとの制限を提供するためには書かれていませんし、インストールを強く推奨しているハックやパッチにもたいていどこかに欠陥があるものです。すなわち、機密データの流出を招くおそれがあります。 If you require this level of control, you are strongly advised to use a content management system that supports it natively. Patches or third-party extensions claiming to provide access control may contain security flaws, potentially exposing confidential data. Use them at your own risk. Neither the MediaWiki developers nor the Wikimedia Foundation are responsible for any data leaks that may result. This message is added to all extensions of this nature and may not reflect the actual security status of this extension. For more information, see Security issues with authorization extensions .

MediaWiki 拡張機能マニュアル

NetworkAuth リリースの状態: 安定Category:Stable extensions/ja
実装	利用者識別 Category:User identity extensions/ja, 利用者権限 Category:User rights extensions/ja, フック Category:Hook extensions/ja
説明	Allows to automatically authenticate users coming from certain network addresses
作者	Olaf Lenz (Olenzトーク)
最新バージョン	2.2
MediaWiki	>= 1.35.0
データベースの変更	いいえ
ライセンス	GNU 一般公衆利用許諾書 2.0 以降
ダウンロード	拡張機能をダウンロード Git [?]: リポジトリを参照 (GitHub) Gerrit コード レビュー Git コミット ログ Download source tarball Category:Extensions in Wikimedia version control/ja
パラメーター $wgNetworkAuthUsers $wgNetworkAuthSpecialUsers
使用するフック SkinTemplateNavigation::Universal Category:SkinTemplateNavigation::Universal extensions/ja UserLoadAfterLoadFromSession Category:UserLoadAfterLoadFromSession extensions/ja
translatewiki.net で翻訳を利用できる場合は、NetworkAuth 拡張機能の翻訳にご協力ください
問題点	未解決のタスク · バグを報告

The NetworkAuth extension is intended to bind particular network addresses to specific users. When the wiki is accessed from a specific network address, they will be automatically logged in with the specified user name. When a wiki is configured not to allow anonymous read and/or write access, the extension can be used to grant read and write access for users from particular network addresses (e.g., from the intranet of a company).

インストール

• ダウンロードして、ファイルをextensions/フォルダー内のNetworkAuthという名前のディレクトリ内に配置します。
  開発者とコード寄稿者は、上記の代わりに以下を使用してGitからインストールします:

  cd extensions/
  git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/NetworkAuth
  

• 以下のコードを LocalSettings.php ファイルの末尾に追加します:

  wfLoadExtension( 'NetworkAuth' );
  

• Configure as required.
• 完了 – ウィキの「Special:Version」に移動して、拡張機能が正しくインストールされたことを確認します。

設定

To configure the extension, set the configuration parameter $wgNetworkAuthUsers in LocalSettings.php , and optionally the configuration parameter $wgNetworkAuthSpecialUsers.

The configuration parameter $wgNetworkAuthUsers is an array that can contain one or several arrays to configure what user is logged in when a wiki page is loaded from a specific network address. NetworkAuth only becomes active when a user is not logged in already. When NetworkAuth detects an attempt to load a page by an anonymous user, it will check whether the source IP address of the request is matched by any of the records in $wgNetworkAuthUsers. If it is, it will log in to the specified user.

The username defined in the configuration must be for a user that already exists in MediaWiki.

Example

wfLoadExtension( 'NetworkAuth' );

// Log-in unlogged users from these networks
$wgNetworkAuthUsers[] = [
	'iprange' => [
        '127.0.0.1',
	    '10.1.10.0/24',
	    '10.2.10.152/32'
    ],
	'user'    => 'NetworkAuthUser',
];

// Log-in unlogged users when IP matches this regular expression
$wgNetworkAuthUsers[] = [
	'ippattern' => '/10\.1\.10\..*/',
	'user'      => 'NetworkAuthUser',
];

// Log-in unlogged users when IP’s reverse DNS lookup matches this domain
$wgNetworkAuthUsers[] = [
	'hostpattern' => '/.*\.domain\.example\.com/i',
	'user'        => 'AdminComputer',
];

/* To use the contents of the page MediaWiki:Networkauth-ips
 * (Where the page is formatted as a '*' followed by either an IP or range)
 */
$wgNetworkAuthUsers[] = [
	'ipmsg' => 'networkauth-ips',
	'user'  => 'Foo',
];

It might be a good idea not to use NetworkAuth to log in to a normal user account but to a special user account instead that exists exclusively for this purpose (e.g., "NetworkAuthUser"). In that case, one can add this account to the configuration parameter $wgNetworkAuthSpecialUsers. Users in this list do not get the normal list of Personal Urls. Instead, the PersonalUrls show:

• that the user is logged in via the NetworkAuth extension
• the IP address of the user
• a link to log out
• a link to log in

Example

$wgNetworkAuthSpecialUsers[] = 'NetworkAuthUser';

関連項目

• Extension:NetworkSession (also requires a token in addition to being on the network)