[rt-users] WebExternalAuth and no root for you
Kevin Falcone
falcone at bestpractical.com
Mon Nov 21 10:15:27 EST 2011
On Mon, Nov 21, 2011 at 03:57:30AM -0500, Mauricio Tavares wrote:
> So I am trying to see if I can understand how to use WebExternalAuth.
> In /etc/apache2/sites-available/default I have:
>
> DocumentRoot /var/www
> <Directory />
> Options FollowSymLinks
> AllowOverride None
>
> AuthType Kerberos
> AuthName "Kerberos Login"
> KrbAuthRealms DOMAIN.COM
> KrbServiceName HTTP
> Krb5Keytab /etc/apache2/krb5.keytab
> KrbMethodK5Passwd on
> KrbDelegateBasic on
> Require valid-user
> </Directory>
>
> Then in RT_SiteConf.pm I added
>
> Set($WebExternalAuth , 1);
> Set($WebFallbackToInternalAuth , 1);
> Set($WebExternalAuto , 1);
>
> When I try to login as the root user, I am told it does not exist in kerberos:
>
> [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115]
> krb5_get_init_creds_password() failed: Client not found in Kerberos
> database
>
> Would anyone know why it is not checking if rt knows of this user
> internally (as opposite to through kerberos)?
I suspect you need a Satisfy line in your apache config to allow it
through kerberos to the normal RT login screen.
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111121/c5d2eb08/attachment.sig>
More information about the rt-users
mailing list