[rt-users] Re: Apache authentication, then RT authentication?
Gretchen K. Wagner
gkwagner at cats.ucsc.edu
Tue Aug 13 15:10:27 EDT 2002
On Mon, 12 Aug 2002 deejoe at iastate.edu wrote:
> (Apologies if this belabors the point. Corrections, as always, welcome.)
Quite excellent summary of Things As They Are with regards to this situation
:) FWIW, yes, all accounts are configured, all accounts have passwords, and
I've tried various combinations of same/different passwords for the
krb/unix/rt accounts (all same username).
> Another caveat: Cookies are used for RT's built-in authentication. When
> external authentication is configured, no cookies are generated. Therefore
> it effectively becomes impossible to log out without closing the browser
> session and wiping the cache since http basic authentication can never be
> canceled or expired otherwise. This behavior (no cookies from RT) may have
> changed with more recent RT versions, I don't know.
I think this may be the sticking point. RT2 appears to accept the external
authentication, but it doesn't proceed beyond that initial page. Perhaps RT2
still wants cookies, but they're not being generated as part of the Apache
basic auth. Hrm...
--
Gretchen K. Wagner <gkwagner at cats.ucsc.edu>
Unix Systems Administrator
Distributed Computing Group
Communications and Technology Services
University of California Santa Cruz
More information about the rt-users
mailing list