[rt-users] mod_auth_tkt

Wes Young wes at ren-isac.net
Mon Oct 3 16:27:18 EDT 2011


has anyone had any success with RT 3.8.8+ and mod_auth_tkt?

something changed between 3.8.4 and 3.8.8 that fails to allow the auth_tkt cookie to be passed through and I can't quite figure out what it is. RT::ExternalAuth:: assumes you already have the cookie, but I'm guessing some security fix somewhere disallows a cross-site cookie from being planted when you wrap:

<Location /rt>
  TKT...

  SetHandler perl-script
  PerlHandler RT::Mason
</Location>

It works if the cookie is already set, but not if this is the handler that's setting the cookie (tested and works a-OK with the default Apache handler).

I've been ripping through the interface handler code and I'm sure I'm missing something stupid here, just getting a bit blurry.

any insight greatly appreciated.
--
Wes
claimid.com/wesyoung
soc at ren-isac.net
