[rt-users] Is PAM authentication possible?

[Josh Kuperman]

On Thu, Feb 20, 2003 at 08:45:45PM -0500, James O'Kane wrote:
> On Fri, 21 Feb 2003, Phil Homewood wrote:
> 
> > Josh Kuperman wrote:
> > > I was wondering if I could use PAM authentication with RT. I don't
> > > have a problem with MySQL but if I could set it up to use PAM then
> > > everyone with a login could be automatically configured (at least as
> > > far as thier password and e-mail address goes).
> > 
> > set $WebExternalAuth in config.pm and get Apache to auth against PAM?


But what do I set it to. The name of the module,
"pam_external_auth_module", or just PAM, or do I just set it by
removing the undef?

Also, what changes would I have to make to the database. I'd assume if
someone had one user name for RT and another to login on the system
I'd need to change that. 

> 
> I started off this way, but you also need to have users in the RT 
> database. I wanted to try authentication to afs via PAM, and if that 
> fails, try RT's database.
> 
> Here is what I've put in local/WebRT/html/autohandler for RT2.0.15
> 
> http://www.midnightlinux.com/~jo2y/autohandler.diff

I looked at this and it's interesting but the reason I want to use PAM
is that I have so many things that are simply accessible to the staff
here and no one else (web sites, directories, etc) that making RT
another one of those things would be desirable. I'd likely everyone to
actually be in by default and able to view specified queues and add
tickets to specified queues. 

Obviously I'd need database entries for this, but since they'd need to
log in wouldn't simply defining what I want for all users and only
having accounts for staff mean I was defining things for staff.

I'm only using RT2.0.14 - I've been meaning to update - I might even
consider the latest beta if it would make any of this easier.

-- 
Josh Kuperman                       
josh at saratoga.lib.ny.us