[rt-users] NT authentication, account creation
Les Mikesell
les at futuresource.com
Tue Mar 23 13:08:37 EST 2004
On Tue, 2004-03-23 at 11:35, Reggie Nalder wrote:
> We are trying to have RT authenticate to an NT domain
> using mod_auth_pam, and would like to have RT accounts
> created automatically when a valid NT domain user logs
> in through Apache. We do not have the mailgate
> configured for incoming email, and will be relying on
> the web interface for login.
>
> I am able to authenticate via Apache when a local
> Linux account is present, but I have been attempting
> to allow NT domain users to login and have an account
> created automatically. Winbind is running, and getent
> passwd returns all users, but I could use some help
> figuring out how to proceed.
You don't need a unix account created for apache to
permit authentication via PAM. For a RedHat based
system, the /etc/pam.d/httpd file can be:
#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_permit.so
--
The 'auth' line checks the password and the account line
say allow anything if the authentication succeeds.
However, RT has it's own user database and you'll
either have to add the users there or add custom
code to give privileges if domain authentication
succeeds. Something has been posted to do this with
LDAP but I haven't seen any for SMB.
---
Les Mikesell
les at futuresource.com
More information about the rt-users
mailing list