[rt-users] Certificate based access instead of username/pw

Jeff Blaine jblaine at kickflop.net
Mon Feb 21 15:24:37 EST 2011


On 2/21/2011 3:15 PM, Kevin Falcone wrote:
> On Mon, Feb 21, 2011 at 03:06:44PM -0500, Jeff Blaine wrote:
>> On 2/21/2011 2:35 PM, Kevin Falcone wrote:
>>> On Mon, Feb 21, 2011 at 09:24:38AM +0100, Adrian Stel wrote:
>>>> I would like to change standard access to RT from username/pw to
>>>> certificates authorization. Is there any simple way to do that ? Or
>>>> any additions to the RT ?
>>>
>>> You should be able to have Apache do the auth and pass that along to
>>> RT.  For the RT config, you want to read about WebExternalAuth in
>>> RT_Config.pm
>> If you ever get this working, please let me know.  I've
>> tried and failed.
>
> You don't say what failed, but the Apache side is just
> SSLVerifyClient require
> plus
> SSLUserName

Yes, we have all of the cert stuff working fine (required).
I tried:

     SSLUserName SSL_CLIENT_S_DN_UID

and turned on WebExternalAuth, et al.  Restarted httpd,
closed browser, visited site, entered certificate
passphrase, and saw the same old RT login screen.

Also tried:

     SSLUserName 0.9.2342.19200300.100.1.1



More information about the rt-users mailing list