[rt-users] external authorization

Andy Harrison ah3 at mlz.us
Thu Aug 14 14:47:42 EDT 2003



Having a really weird problem I can't figure out.  I'm using external
authorization and it's letting me past the web server login prompt, but stops
at the rt web login window, although the rt web login window has no fields in
which to type userid and password; the gray part of the table is simply blank,
except for the copyright footer.

(originally I did all my changes in RT_SiteConfig.pm only)
 # grep '^[^#]' RT_Config.pm 
package RT;
=head1 NAME
RT::Config
=for testing
use RT::Config;
=cut
Set($rtname , "gwi.net");
Set($Organization , "gwi.net");
Set($MinimumPasswordLength , "8");
Set($Timezone , 'US/Eastern');
Set($DatabaseType , 'Pg');
Set($DatabaseHost   , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'rt3');
Set($DatabasePassword , 'xxxxxxxx');
Set($DatabaseName , 'rt3');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);
Set($StoreLoops , undef);
Set($MaxAttachmentSize , 10000000);
Set($TruncateLongAttachments , undef);
Set($DropLongAttachments , undef);
Set($ParseNewMessageForTicketCcs , undef);
Set($RTAddressRegexp , '^rt\@gwi.net$');
Set($CanonicalizeEmailAddressMatch   , 'rt.gwi.net$');
Set($CanonicalizeEmailAddressReplace , 'gwi.net');
Set($SenderMustExistInExternalDatabase , undef);
Set($CorrespondAddress , 'xxxxxxxsnipxxxxxx');
Set($CommentAddress , 'xxxxxxxsnipxxxxxxx');
Set($MailCommand , 'sendmailpipe');
Set($SendmailArguments , "-oi -t");
Set($SendmailPath , "/usr/sbin/sendmail");
Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s via RT\" <%s>");
Set($UseFriendlyToLine , 0);
Set($FriendlyToLineFormat, "\"%s of $RT::rtname Ticket #%s\":;");
Set($NotifyActor, 0);
Set($LogToSyslog    , 'debug');
Set($LogToScreen    , 'error');
Set($LogToFile      , 1);
Set($LogDir, '/usr/local/rt3/var/log');
Set($LogToFileNamed , "rt.log");    #log to rt.log
Set($WebPath , "");
Set($WebBaseURL , "https://bedlam.gwi");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($WebImagesURL , $WebURL . "NoAuth/images/");
Set($LogoURL , $WebImagesURL . "rt.jpg");
Set($TrustHTMLAttachments , undef);
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , undef);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , undef);
@LexiconLanguages = qw(*) unless (@LexiconLanguages);
@EmailInputEncodings = qw(utf-8 iso-8859-1 us-ascii) unless
(@EmailInputEncodings);
Set($EmailOutputEncoding , 'utf-8');
Set($DateDayBeforeMonth , 1);
Set($AmbiguousDayInPast , 1);
1;



# cat RT_SiteConfig.pm 
Set($rtname , "gwi.net");
Set($Organization , "gwi.net");
Set($MinimumPasswordLength , "8");
Set($OwnerEmail , 'ajharrison at gwi.net');
Set($RTAddressRegexp , '^rt3\@gwi.net$');
Set($CanonicalizeEmailAddressMatch   , 'webrt.gwi.net');
Set($CanonicalizeEmailAddressReplace , 'gwi.net');
Set($CorrespondAddress , 'gwi-network at gwi.net');
Set($CommentAddress , 'gwi-network at gwi.net');
Set($LogToSyslog    , 'debug');
Set($LogToScreen    , 'error');
Set($LogToFile      , 1);
Set($LogDir, '/usr/local/rt3/var/log');
Set($LogToFileNamed , "rt.log");    #log to rt.log
Set($WebBaseURL , "https://bedlam.gwi");
Set($WebExternalAuth , "true");
Set($WebFallbackToInternalAuth , undef);
1;


httpd.conf section:
#WEBRT PUBLIC VWS##
<VirtualHost 192.168.1.243:80>
        ServerAdmin xxxxxxsnipxxxxxx
        ServerName bedlam.gwi
        DocumentRoot /usr/local/rt3/share/html
        ErrorLog /var/log/httpd/bedlam.gwi_error_log              
        TransferLog /var/log/httpd/bedlam.gwi_access_log 
        <Directory />
                RedirectMatch permanent /(.*) https://bedlam.gwi/$1
        </Directory>
</VirtualHost>

<VirtualHost 192.168.1.243:443>
    <IfDefine SSL>
        SSLEngine on

        SSLCertificateFile /usr/local/etc/apache/ssl.crt/bedlam.gwi.crt
        SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/bedlam.gwi.key

        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
    </IfDefine>

    ServerName bedlam.gwi
    DocumentRoot /usr/local/rt3/share/html
    ErrorLog /var/log/httpd/bedlam.gwi_error_log              
    TransferLog /var/log/httpd/bedlam.gwi_access_log 
    AddDefaultCharset UTF-8
    AddRadiusAuth radius1.gwi:1812 xxxxxxsnipxxxxxxx

    PerlModule Apache::DBI
    PerlRequire /usr/local/rt3/bin/webmux.pl

    <Location />
        SetHandler perl-script
        PerlHandler RT::Mason
    </Location>

    <Directory /usr/local/rt3/share/html/>
        AuthRadiusAuthoritative on
        AuthRadiusCookieValid 480
        AuthName "WebRT"
        AuthType Basic

        AuthGroupFile /usr/local/etc/apache/auth/calltrak.group
        #AuthUserFile  /usr/local/etc/apache/auth/calltrak.auth

        require group tech
        Options FollowSymLinks +Includes ExecCGI MultiViews
        AllowOverride AuthConfig Limit
    </Directory>
</VirtualHost>


I look for errors logged in the apache logs, messages log, and rt.log and there
are none.  And I quadruple checked that my login name appears in the
calltrack.group file and matches what I'm typing in when I authenticate.

Any clues?



~~ 
Andy Harrison
(full headers for details)

