[rt-users] Re: Apache authentication, then RT authentication?
Rob Walker
rob at myinternetplace.net
Sun Nov 24 19:43:42 EST 2002
On Thu, 2002-11-14 at 12:49, deejoe at iastate.edu wrote:
> On Tue, Aug 13, 2002 at 12:10:27PM -0700, Gretchen K. Wagner wrote:
> > On Mon, 12 Aug 2002 deejoe at iastate.edu wrote:
> >
> > > (Apologies if this belabors the point. Corrections, as always, welcome.)
> >
> > Quite excellent summary of Things As They Are with regards to this situation
> > :) FWIW, yes, all accounts are configured, all accounts have passwords, and
> > I've tried various combinations of same/different passwords for the
> > krb/unix/rt accounts (all same username).
> >
> > > Another caveat: Cookies are used for RT's built-in authentication. When
> > > external authentication is configured, no cookies are generated. Therefore
> > > it effectively becomes impossible to log out without closing the browser
> > > session and wiping the cache since http basic authentication can never be
> > > canceled or expired otherwise. This behavior (no cookies from RT) may have
> > > changed with more recent RT versions, I don't know.
> >
> > I think this may be the sticking point. RT2 appears to accept the external
> > authentication, but it doesn't proceed beyond that initial page. Perhaps RT2
> > still wants cookies, but they're not being generated as part of the Apache
> > basic auth. Hrm...
>
> Am wondering if anyone ever solved this problem. I'm still running v1 RT
> installation. Now that I've migrated it to new hardware twice, I'm finally
> feeling like I might be up to upgrading to RT2 at some point.
>
> Hearing that the problem described above has been solved would be further
> encouragement towards that.
I must say that I don't really understand the problem. I am using
external authentication with rt2. My config.pm is located at
/usr/local/rt2/etc/config.pm and has the following as the first line:
# $Header: /usr/local/rt2/etc/RCS/config.pm,v 1.2 2002/09/20 17:54:52
root Exp root $
My apache is configured to authenticate our users via our shadow files,
under https. After we do this, we are logged in to rt without any
further ado. I hate to say this, but for us, after we set up RT to
accept the username from the apache server as authoritative, it "just
worked".
rob
More information about the rt-users
mailing list