[rt-users] http authentication
Brian W. Spolarich
bwspolarich at uscar.org
Wed Jun 29 09:28:10 EDT 2005
rt-users-bounces at lists.bestpractical.com wrote:
> Hi,
>
> According to the RT features page, RT can "use your web
> server's existing authentication system" which I presume for
> Apache, it's the basic HTTP auth. Can anyone tell me how to
> do that rather than use the RT database to grant user access?
This isn't actually documented in a useful way. :-)
Basically you set this in RT_SiteConfig.pm:
Set($WebExternalAuth , 1);
You will then want to deal with this issue:
http://wiki.bestpractical.com/index.cgi?FAQ
Q: I use WebExternalAuth to authenticate my users. When I turn it on
E-Mail to queues stop working with a "401 Authorization Required" error.
How can I make the mail gateway authenticate to the web server?
A: Turn off the authentication requirement for all "NoAuth" directories.
For Apache edit the server-wide httpd.conf file and add the folloing in
RT's VirtualHost section (change the "/opt/rt3" to point to your
installation):
<Directory /opt/rt3/share/html/REST/1.0/NoAuth>
SetHandler perl-script
PerlHandler RT::Mason
satisfy any
allow from all
</Directory>
<Directory /opt/rt3/share/html/NoAuth>
SetHandler perl-script
PerlHandler RT::Mason
satisfy any
allow from all
</Directory>
Basically the "satisfy any" and "allow from all" directives ensure
that the NoAuth directories don't get hit with authentication. Given
that the RT mail gateway works over HTTP this is important.
At that point, RT will bypass the authentication screen and treat
$REMOTE_USER as an RT user. If you create an RT user account for them
with privileges, then they can do stuff in RT, but their RT password is
ignored.
I haven't done this yet, so YMMV. :-)
-brian
More information about the rt-users
mailing list