[_ck_]

The authentication system in bbPress is completely adjustable via plugins.

Look in the pluggable.php file, there are 4 routines that have to be replaced.

If you look at a plugin like my “freshly baked cookies” you can sort-of see the 4 replacements you need. Actually you only need 2, because the other two are used by the first two. One creates the cookie, the other reads it. If you only want your other software to create the cookie, then in theory you only need one function replacement.

WordPress works the same way, except after WP 2.5 they added 2 or three other kinds of cookies. The older method that WP 2.5 and bbPress 0.9 uses is easier to hook into.

Note that a few obscure WordPress plugins like to read the cookie to gather the username which is a bad approach. No bbPress plugin that I am aware of does this yet, and I hope they won’t so we can switch to a httponly cookie which is more secure and less XSS vulnerable.

ps. technically the auth system doesn’t even have to be via cookies but the only other ways I am aware of would be HTTPS Client Authentication which is impractical for public systems or maybe LDAP