--- /dev/null
+[[!meta title="How do I authenticate users with certificates?"]]
+Please note that this method requires **all** users to authenticate
+with certificates. Password login is disabled.
+
+\1) Configure your site for certificate authentication. For
+ example, if you just want to make your site accessible to any MIT
+ user with certificates, add the following to `.htaccess` in your
+ wiki directory:
+
+ AuthType SSLCert
+ Require valid-user
+ ErrorDocument 401 /__scripts/needcerts
+
+For further information and options, including restricting access
+to specific people, see our full
+[FAQ on certificate authentication on scripts.](http://scripts.mit.edu/faq/15/)
+
+\2) Install
+ [SSLAuthPlugin.php](http://www.mediawiki.org/wiki/Extension:SSL_authentication#SSLAuthPlugin.php_.28MW_1.15.29)
+ from the MediaWiki project.
+
+\3) Add the following to `LocalSettings.php`:
+
+ require_once('extensions/SSLAuthPlugin.php');
+ $ssl_map_info = true;
+ $ssl_RN = $_SERVER['SSL_CLIENT_S_CN'];
+ $ssl_UN = $_SERVER['SSL_CLIENT_S_DN_Email'];
+ $atmit = '@mit.edu'; $atmit_len = strlen($atmit);
+ if ( strcasecmp( $atmit, substr($ssl_UN,-$atmit_len) ) == 0 )
+ $ssl_UN = substr($ssl_UN, 0, -$atmit_len);
+ $ssl_UN = str_replace('_', ' ', $ssl_UN);
+ $ssl_email = $_SERVER['SSL_CLIENT_S_DN_Email'];
+ SSLAuthSetup();
+
+
+