[rt-users] external user authentication (i.e. LDAP)
Beachey, Kendric
Kendric.Beachey at garmin.com
Wed Apr 17 13:51:47 EDT 2002
From: darren chamberlain [mailto:darren at boston.com]
> * Beachey, Kendric <Kendric.Beachey at garmin.com> [2002-04-17 12:41]:
> > 2) When a user logs in via the web interface, hack #2 first attempts
> > to authenticate them against LDAP (in two different ways, for
> > different offices). If that fails, the stock code takes over to
> > authenticate them against RT's built-in user database.
>
> Wouldn't you want to try to authenticate against RT first, not
> last?
Hmmm. If the user changes their Novell password, I want that new password
to get them into RT as well. Changing their Novell password wouldn't affect
their RT password. The idea of changing all passwords on all systems in one
simple motion is what we're going for here.
You might be right, though, because I think Novell regards a negative
authentication (which is what you'd have if you fell through to the RT
authentication) as one of the three strikes you get before your account is
locked on suspicion of intruder activity.
But I think the intruder lockout only lasts fifteen minutes. (shrug) I
suppose I ought to change it anyway.
--
Kendric
More information about the rt-users
mailing list