[rt-users] RT 4
Jan Grant
jan.grant at bristol.ac.uk
Sat May 5 03:35:27 EDT 2007
On Fri, 4 May 2007, Brian Gallew wrote:
> Scott Courtney wrote:
> > > 3. Active Directory interface/native integration - This is a biggie.
> > > NOBODY want's / needs an extra user ID / password combo to remember.
> > >
> >
> > -1 on Active Directory integration; +1 on Kerberos integration that *also*
> > works with AD. Please don't go down the platform-specific road; support the
> > open standard instead.
> >
>
> Perhaps I'm weird, but I don't want *any* native authentication in RT.
> Authentication is the domain of the web server. I vastly prefer RT to behave
> appropriately according to the current web server authentication,
> automatically creating new users as they appear, and all non-authenticated
> users become anonymous. Of course, RT already supports this mode of
> operation, so I'm happy. 8-)
Seconded. If RT's behind apache, there are a number of ways to kerberize
that (against AD if necessary) and RT will pick up the user from that.
Here, we use RT against our standard SSO implementation (which again
calls out to krb/AD behind the scenes).
Group membership integration is more interesting, but I'm reasonably
convinced (in our case at least) that by exposing the group membership
APIs via a remote interface we'll be able to use our provisioning kit to
keep those synchronised.
--
jan grant, ISYS, University of Bristol. http://www.bris.ac.uk/
Tel +44 (0)117 3317661 http://ioctl.org/jan/
Hang on, wasn't he holding a wooden parrot? No! It was a porcelain owl.
More information about the rt-users
mailing list