[rt-users] [Fwd: quick configuration question...]

Marcin Stangel Marcin.Stangel at framestore.com
Tue Feb 17 09:13:12 EST 2009 

Hi there!

I have RT system (3.8.1) running on RHEL 5 64bit server, using apache
2.23. For authentication I use the plugin RT::Authen::ExternalAuth to
authenticate against Active Directory and it all works great...but...

We wanted to make it even more simply and to utilize Kerbreros.

Our Linux Servers and workstations are using a piece of software called
vintela, wchich brings some AD goodness to Linux world... The server on
which apache is running is using vintela (VAS) services, including
Kerberos (server is in the AD domain), and apache is configured to use
mod_auth_vas which utilizes Kerberos.

My question is:
What should I change in my RT_SiteConfig.pm to have RT using basin
apache authentication ?

I tried to configure our site to use apache authentication (because
apache is already configured for kerberos) like this:

Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);

but this didn't work - when loggin in, it just shows an empty index page
  with no tickets - just nothing...


Is there anything else I need to do? Maybe something to add to virtual
host definition ?



my virtual host configuration for this RT instance is like this:

<VirtualHost *:80>
     ServerName rt.our-domain
     ServerAlias rt
     DocumentRoot /var/systems-rt/share/html

     ErrorLog /var/log/httpd/systems-rt-error.log
     CustomLog /var/log/httpd/systems-rt-access.log common

PerlOptions +Parent
PerlModule Apache2::RequestRec Apache2::compat
PerlModule Apache::DBI
PerlRequire /var/systems-rt/bin/webmux.pl
PerlSetVar MasonArgsMethod CGI

# Normally a request for a directory will be rewritten to index.html
# (or similar) by default if that file exists. For some reason this does
# not happen with the handler being set to perl-script. We thus have to
# do it ourselves using mod_rewrite.

RewriteEngine on

RewriteRule ^/(.*)$ /var/systems-rt/share/html/$1

RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(/var/systems-rt/share/html.*)/$ $1/index.html

# We need this to prevent requests for images being sent through to
# the RT::Mason handler.

<Directory /var/systems-rt/share/html/NoAuth/images>
SetHandler default-handler
</Directory>

<Directory /var/systems-rt/share/html>
SetHandler perl-script
PerlHandler RT::Mason
</Directory>

</VirtualHost>


would be great to get some clues/hints.

regards,
Marcin


-- 
Marcin Stangel
www.framestore.com
Systems Support
19-23 Wells Street
London W1T 3PQ
+44 (0)20 7106 2544

More information about the rt-users mailing list