Incident 2025-12-18 – MediaWiki BotPassword Authentication Failure

From Lux-Ear Internal Knowledge Base
Revision as of 00:56, 7 January 2026 by Scott (talk | contribs) (An attempt to enable automated posting and maintenance tasks on the Lux-Ear Internal Knowledge Base (MediaWiki 1.41.1) failed due to incomplete BotPassword authentication configuration.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Incident 2025-12-18 – MediaWiki BotPassword Authentication Failure

Summary

An attempt to enable automated posting and maintenance tasks on the Lux-Ear Internal Knowledge Base (MediaWiki 1.41.1) failed due to incomplete BotPassword authentication configuration. Although bot users and bot passwords were successfully created and stored in the database, API authentication using those credentials consistently failed.

This incident blocked automation work, delayed publication of operational documentation, and contributed to extended manual intervention during a period of broader infrastructure instability.

Impact • Automated posting to the Wiki via API was not possible • Deployment and documentation automation scripts were blocked • Manual wiki edits were required during an already degraded operational state • Contributed to cumulative operational and cognitive overload

Timeline (condensed) • 2025-12-18 – Initial attempt to create and use BotPasswords for API access • Bot users and passwords appeared correctly in the database (bot_passwords table) • API login attempts (action=login, action=clientlogin) consistently failed • Extensive debugging confirmed credentials were correct but rejected • Investigation paused due to overlapping infrastructure issues

Technical Findings • MediaWiki version: 1.41.1 • $wgEnableBotPasswords = true • Bot password records existed and were correctly stored • Bot users had appropriate groups (bot, sysop, bureaucrat, etc.) • API endpoint (/api.php) was functional • Missing authentication provider: • BotPasswordAuthenticationProvider was not registered in wgAuthManagerAutoConfig • As a result, AuthManager could not authenticate bot credentials even though they existed

Root Cause

BotPasswords were enabled at the configuration level, but the corresponding authentication provider was not registered with MediaWiki’s AuthManager system. This created a misleading state where bot credentials could be created and stored but never successfully authenticated.

Resolution Status

Unresolved at time of incident.

The issue requires explicit configuration of the BotPassword authentication provider in LocalSettings.php, or verification that required components are correctly loaded for MediaWiki 1.41.x.

Follow-Up Actions • Explicitly register BotPasswordAuthenticationProvider in wgAuthManagerAutoConfig • Verify BotPassword API login using a minimal test script • Document the correct configuration pattern for future deployments • Resume automation work once API authentication is confirmed functional

Notes

This incident occurred during a period of compounded infrastructure changes (new Mac setup, SSH environment changes, backup reconfiguration, and network instability). The cumulative effect significantly increased time-to-resolution beyond what the individual issue would normally require.

When you’re ready, next we can: • create the standard incident template from this • extract and publish the remaining incidents from the ZIP • add a brief incident index entry to the Operations Log page

Retrieved from "https://ikb.lux-ear.com/index.php?title=Incident_2025-12-18_–_MediaWiki_BotPassword_Authentication_Failure&oldid=138"