[rt-users] REMOTE_USER, external auth, and email mismatching
Philip Brown
ppb at usc.edu
Tue May 14 16:41:01 EDT 2013
On 04/26/13 04:38 PM, Thomas Sibley wrote:
> On 04/26/2013 02:35 PM, Philip Brown wrote:
>> hi there,
>> We are looking at using kerb auth and mod_auth_kerb as our external auth mechanism for RT.
>>
>> ... I was hoping there was potentially a way to do any of the following:
>>
>> a) automatically drop the @xyz from REMOTE_USER entirely
>> b) autoconvert the @xyz to @real.domain
>>
>> c) (least preferable) have the autocreate routines, atomatically fill in @real.domain as the email address
> You can accomplish (b) with these options:
> http://bestpractical.com/rt/docs/latest/RT_Config.html#CanonicalizeEmailAddressMatch-CanonicalizeEmailAddressReplace
>
> You can also do more sophisticated munging by writing your own
> RT::User::CanonicalizeUserInfo:
> http://bestpractical.com/rt/docs/latest/RT/User.html#CanonicalizeUserInfo-HASH-of-ARGS
>
> Or you can take the easy way of (a) by setting the mod_auth_kerb config
> option that Jok pointed out earlier.
>
Well, I'm back, now that I've had more time to follow up :)
I have tried out using the KrbLocalUser tweak, and run into problems.
The email field does not get filled out on autocreate of an account.
I then attempted to do the fallback suggested via
CanonicalizeEmailAddressMatch
after removing the KrbLocalUser from my apache configs.
however, the replace did not seem to have any effect. I'm still getting
logged in as
user at KERB.my.com
rather than user at my.com
for the record, I'm using a match string of
'\@.*\.my.com$'
and replace of
'\@my.com'
it's kinda odd that I cant seem to google any sample RT_Config.pm files
for this'
More information about the rt-users
mailing list