[rt-users] LDAP + Kerberos + RT
justin m. clayton
justincl at u.washington.edu
Wed Nov 20 19:49:05 EST 2002
I'm using RT 2.0.11 and would like to take advantage of the Requestor web
interface, but have no desire to maintain a seperate user/passwd list from
our otherwise single-sign on system (using openldap+kerberos). I think I
can handle setting up mod-auth-kerb on apache to to the authentication
bit (though any pointers would be helpful), but there's this other nagging
problem: anytime a user in RT is autocreated due to ticket submission, the
email address gets used as the username. This obviously doesn't match the
kerberos principal namespace, but is fixable by an admin going in and
changing the username to match. However, I'd like a cleaner solution. I
assume that the as-yet undocumented (in RT/FM, anyway) pluggable user
metadata features don't fix this, right? Any ideas? Any way to bypass the
RT db completely and just use LDAP as the user db, with kerberos as the
auth system?
Thanks,
Justin Clayton
VLSI Research System Administrator
University of Washington
Electrical Engineering Dept
justincl at u.washington.edu
206/543.2523 EE/CSE 307E
More information about the rt-users
mailing list