[rt-users] WebExternalAuth not working at all

Kevin Falcone falcone at bestpractical.com
Mon Sep 13 17:17:00 EDT 2010 

On Mon, Sep 13, 2010 at 03:55:36PM -0500, Peter Barton wrote:
>    Have you setup Auth Priority?

Peter -

RT's WebExternalAuth is not the same as RT::Authen::ExternalAuth

Jon -

If you're still seeing an RT login screen with
WebFallbackToInternalAuth set to 0, then something wrong is happening,
since that setting disables chunks of the Login element

My guess would be that using the speedycgi interface (which really
isn't widely used) is causing REMOTE_USER not to be propagated
properly.

-kevin

>    Set($ExternalAuthPriority,  [       'My_LDAP', 'My_LDAP2'               ]);
>    And info priority?
>    Set($ExternalInfoPriority,  [         'My_LDAP', 'My_LDAP2'               ]);
> 
>    From: rt-users-bounces at lists.bestpractical.com
>    [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Jon Davis
>    Sent: Monday, September 13, 2010 3:23 PM
>    To: rt-users
>    Subject: [rt-users] WebExternalAuth not working at all
> 
> 
> 
>    I'm currently running RT 3.8.7 under Ubuntu 10.04 with Apache 2 & SpeedyCGI.  I am trying to
>    use WebExternalAuth for authentication since I have my Apache install talking to OpenDS
>    (LDAP).
> 
>    I have the following config in my RT_SiteConfig.pm
>    Set($WebExternalAuth , 1);
>    Set($WebFallbackToInternalAuth , 0);
>    #Set($WebExternalGecos , 0);
>    Set($WebExternalAuto , 1);
>    #Set($AutoCreate, {Privileged => 1});
>    #Set($WebExternalAuthContinuous, 1);
> 
>    Apache prompts me for a password, and authenticates me.  In the Apache logs [1], it shows my
>    username... but RT keeps dumping me back  to the login screen.  I'd presum seeting
>    WebFallBackToInteralAuth to zero or indef to make that NOT happen.  I'm at my wits end trying
>    to figure out what is going on, why it wont authenticate from apache and why it gives me a
>    login screen even though it isn't supposed to.  I've tried every variation of fiddling with
>    the configs and I just dont know where to find the debug information nessiary to fix this.
> 
>    Please, any help would be GREATLY appreciated
>    -Jon
> 
>    [1] 192.168.38.170 - jdavis [13/Sep/2010:12:56:59 -0700] "GET /rt/ HTTP/1.1" 200 2212 "-"
>    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.1.6) Gecko/20091201
>    Firefox/3.5.6"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100913/e171bab8/attachment.sig>

More information about the rt-users mailing list