diff -ru mantis-1.1.0.orig/core/authentication_api.php mantis-1.1.0.patched/core/authentication_api.php
--- mantis-1.1.0.orig/core/authentication_api.php 2007-10-19 07:54:58.000000000 +0200
+++ mantis-1.1.0.patched/core/authentication_api.php 2008-01-06 11:35:26.000000000 +0100
@@ -83,9 +83,16 @@
if ( false === $t_user_id ) {
if ( BASIC_AUTH == $t_login_method ) {
- # attempt to create the user if using BASIC_AUTH
- $t_cookie_string = user_create( $p_username, $p_password );
-
+ # Create the user if using BASIC_AUTH
+ #
+ # Modified to generate a random password.
+ # Since basic authentication should be authoratative, then this password
+ # is just a dummy password, and should never be used. --Brian Vargas
+ # http://ardvaark.net/making_mantis_with_basic_authentication_not_suck.html
+ #
+ # This seems like right thing to do, even TWiki use this approach. --Joachim Nilsson
+ $p_email = "$p_username@example.com";
+ $t_cookie_string = user_create( $p_username, auth_generate_random_password($p_email) );
if ( false === $t_cookie_string ) {
# it didn't work
return false;
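Review bot: The dummy password passed to the added `user_create( ... )` call is stored as a real credential, so it becomes a working login secret if `login_method` is ever switched away from BASIC_AUTH. Whether `auth_generate_random_password()` is unpredictable enough for that is not visible in this hunk and should be confirmed. The new `$p_email` also looks like a local although it carries the `p_` parameter prefix, and it hard-codes the `example.com` domain; `$t_email = $p_username . '@example.com';` would match the `$t_` naming of `$t_user_id` and `$t_cookie_string`. The address is passed only to the password generator and not to `user_create()`, so it is worth checking which e-mail the new account ends up with. The enclosing function starts and ends outside the hunk.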
@@ -123,7 +130,7 @@
if ( !( ( ON == $t_anon_allowed ) && ( $t_anon_account == $p_username) ) ) {
# anonymous login didn't work, so check the password
- if ( !auth_does_password_match( $t_user_id, $p_password ) ) {
+ if ( BASIC_AUTH != $t_login_method && !auth_does_password_match( $t_user_id, $p_password )) {
user_increment_failed_login_count( $t_user_id );
return false;
}
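Review bot: With `BASIC_AUTH != $t_login_method &&` placed in front of the password comparison, every call that reaches this branch under BASIC_AUTH is accepted as `$p_username` with no credential check at all. The function then relies entirely on `$p_username` being the identity the web server authenticated, and where that value comes from is outside the hunk. If it can originate from a request parameter, add a guard before this branch, for example `if ( BASIC_AUTH == $t_login_method && ( !isset( $_SERVER['REMOTE_USER'] ) || $p_username !== $_SERVER['REMOTE_USER'] ) ) { return false; }`. Note also that `user_increment_failed_login_count()` is never reached on the BASIC_AUTH path. The enclosing function starts and ends outside the hunk.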
diff -ru mantis-1.1.0.orig/core/html_api.php mantis-1.1.0.patched/core/html_api.php
--- mantis-1.1.0.orig/core/html_api.php 2007-10-28 15:39:30.000000000 +0100
+++ mantis-1.1.0.patched/core/html_api.php 2008-01-06 11:29:08.000000000 +0100
@@ -594,7 +594,7 @@
$t_menu_options[] = '' . lang_get( 'time_tracking_billing_link' ) . '';
# Logout (no if anonymously logged in)
- if ( !current_user_is_anonymous() ) {
+ if ( BASIC_AUTH != config_get( 'login_method' ) && !current_user_is_anonymous() ) {
$t_menu_options[] = '' . lang_get( 'logout_link' ) . '';
}
PRINT implode( $t_menu_options, ' | ' );
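Review bot: The comment above the changed condition still reads `# Logout (no if anonymously logged in)`, which no longer describes it; `# Logout (hidden for anonymous users and when login_method is BASIC_AUTH)` would. The change removes only the menu entry, so the logout page itself presumably stays reachable by URL, and its behaviour under BASIC_AUTH is not visible in this hunk. The enclosing function starts and ends outside the hunk.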
diff -ru mantis-1.1.0.orig/index.php mantis-1.1.0.patched/index.php
--- mantis-1.1.0.orig/index.php 2007-10-13 23:36:40.000000000 +0200
+++ mantis-1.1.0.patched/index.php 2008-01-06 11:25:42.000000000 +0100
@@ -25,6 +25,8 @@