[rt-users] External authorization in RT
Jason Taylor
jtaylor at bastyr.edu
Tue Sep 21 12:03:52 EDT 2004
Biernacki, Michal wrote:
>It doesn't work:-/
>
>
>
>>-----Original Message-----
>>From: Ruslan U. Zakirov [mailto:Ruslan.Zakirov at acronis.com]
>>Sent: Tuesday, September 21, 2004 4:58 PM
>>To: Biernacki, Michal
>>Cc: rt-users at lists.bestpractical.com
>>Subject: Re: [rt-users] External authorization in RT
>>
>>I think you can add next lines to prevent auth:
>>
>> <Location /NoAuth/>
>> SetHandler perl-script
>> PerlHandler RT::Mason
>> </Location>
>>
>>
>>Biernacki, Michal wrote:
>>
>>
>>>Hello,
>>>
>>>I've sucessfuly installed RT. It works perfect:-) Right now
>>>
>>>
>>I'm trying
>>
>>
>>>to configure RT with external authorization (Windows NT domain). I
>>>made some changes in RT_Config.pm:
>>>
>>>Set($WebExternalAuth , 1);
>>>Set($WebFallbackToInternalAuth , 1);
>>>Set($WebExternalAuto , 1);
>>>
>>>I've also made changes to httpd.conf:
>>>
>>><VirtualHost 10.107.10.3>
>>> ServerAdmin mbiernacki at nodomain.com
>>> DocumentRoot /usr/local/rt3/share/html
>>> AddDefaultCharset UTF-8
>>> ServerName helpdesk.nodomain.com
>>> PerlModule Apache::DBI
>>> PerlRequire /usr/local/rt3/bin/webmux.pl
>>> <Location />
>>> SetHandler perl-script
>>> PerlHandler RT::Mason
>>> PerlAuthenHandler Apache::AuthenNTLM
>>> AuthType ntlm
>>> require valid-user
>>> PerlAddVar ntdomain "EDP PLWAWMPDC01"
>>> PerlAddVar defaultdomain EDP
>>> PerlAddVar fallbackdomain EDP
>>> PerlSetVar ntlmsemkey 0
>>> PerlSetVar splitdomainprefix 1
>>> </Location>
>>></VirtualHost>
>>>
>>>After these changes I can login into the web interface of RT.
>>>Unfortunately I can not create new ticket using e-mail. The
>>>
>>>
>>mail server tries to "login"
>>
>>
>>>to the RT, but NTLM authentication is not supported.
>>>Do you have any ideas or workaround?
>>>
>>>Best regards
>>>Michal
>>>_______________________________________________
>>>
>>>
Here's my pertinent httpd.conf snippet. Hope it helps.
FastCgiIpcDir /var/run/httpd/fastcgi
FastCgiServer /usr/local/rt3/bin/mason_handler.fcgi -idle-timeout 3600
-processes 5
<VirtualHost *:1080>
ServerName pippin.middleearth.prv:1080
DocumentRoot /usr/local/rt3/share/html
AddHandler fastcgi-script fcgi
Alias /NoAuth/images/ /usr/local/rt3/share/html/NoAuth/images/
ScriptAlias / /usr/local/rt3/bin/mason_handler.fcgi/
<Location />
SetHandler fastcgi-script
AllowOverride None
order allow,deny
allow from all
AuthName "Request Tracker"
AuthType Kerberos
Krb5Keytab /etc/krb5.keytab
KrbAuthRealms MIDDLEEARTH.PRV
KrbSaveCredentials off
KrbVerifyKDC off
Require valid-user
</Location>
<Location "/NoAuth">
Satisfy Any
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
Allow from 127.0.0.1,172.16.1.27
</Location>
<Location "/NoAuth/images">
SetHandler default-handler
</Location>
<Location "/REST/1.0/NoAuth">
Satisfy Any
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
Allow from 127.0.0.1,172.16.1.27
</Location>
</VirtualHost>
More information about the rt-users
mailing list