This should be redone as a SessionProvider. On the plus side, you'll no longer need to worry about faking up a LoginForm or auto-creating the user yourself.
|Resolved||Deskana||T75616 Tracking: API/backend issues blocking Wikipedia app development|
|Resolved||Anomie||T32788 Allow triggering of user password reset email via the API|
|Open||None||T90925 General authentication improvements for MediaWiki|
|Resolved||Anomie||T48179 Allow a challenge stage during authentication|
|Open||None||T5709 Refactoring to make external authentication and identity systems easier|
|Resolved||Tgr||T43201 UserLoadFromSession considered evil|
|Resolved||Anomie||T67493 Session is started by EditAction (problem for extensions using UserLoadFromSession hook)|
|Open||None||T55156 Provide option to force a login session to end within a certain time|
|Open||None||T89459 Modernize MediaWiki authentication system (AuthManager)|
|Open||None||T110291 Update all extensions to use AuthManager|
|Declined||None||T145078 Update NTLMActiveDirectory to use AuthManager|
This extension probably needs a complete overhaul, starting with a name change, since it has nothing to do with NTLM! ActiveDirectoryAuthorization would be a better name IMHO. Also, instead of being a modified copy of Auth_remoteuser, it should depend on it and use the SessionCheckInfo hook.