<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7226.0">
<TITLE>Re: [rt-users] Single Sign-On</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText87723 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>I am guessing you may have to
change the NTLM program for that.</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Todd Chapman
[mailto:todd@chaka.net]<BR><B>Sent:</B> Fri 10/21/2005 9:33 AM<BR><B>To:</B>
Nathan, Ahalya<BR><B>Cc:</B> Nathan Oyler;
rt-users@lists.bestpractical.com<BR><B>Subject:</B> Re: [rt-users] Single
Sign-On<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Yes, but if the NTLM authentication fails can Apache let<BR>the
user in anyway so that RT can handle the auth?<BR><BR>On Fri, Oct 21, 2005 at
08:18:58AM -0500, Nathan, Ahalya wrote:<BR>> By using the
Apache2::AuthenNTLM/ Apache::AuthenNTLM Authentication<BR>> Handler you can
do that. The NTLM gives the username and domain name<BR>> from the IE
client.<BR>><BR>> Ahalya Nathan<BR>> Senior Programmer /
Analyst<BR>> Information Technology, Metropolitan Utilities District<BR>>
(402) 504-7180 phone<BR>> (402) 504-5180 fax<BR>><BR>><BR>>
-----Original Message-----<BR>> From: Todd Chapman [<A
href="mailto:todd@chaka.net">mailto:todd@chaka.net</A>]<BR>> Sent: Thursday,
October 20, 2005 10:30 PM<BR>> To: Nathan Oyler<BR>> Cc: Nathan, Ahalya;
rt-users@lists.bestpractical.com<BR>> Subject: Re: [rt-users] Single
Sign-On<BR>><BR>> But what I want to do is have Apache try passwordless
NTLM<BR>> witn my IE client, and then if that fails let RT handle<BR>>
authentication.<BR>><BR>> -Todd<BR>><BR>> On Thu, Oct 20, 2005 at
03:48:05PM -0700, Nathan Oyler wrote:<BR>> > > On Thu, Oct 20, 2005 at
01:42:44PM -0500, Nathan, Ahalya wrote:<BR>> > > > Single Sign On
can be done by using the NTLM module in apache to<BR>> get<BR>> >
the<BR>> > > > Login ID from the IE browser. You can use this id to
connect to<BR>> the<BR>> > LDAP<BR>> > > > server. The LDAP
contribution on the wiki will give you<BR>> information<BR>> > >
> about connecting to the LDAP server. I am guessing NTLM module<BR>>
uses<BR>> > > > mod-perl , not sure if it will work with
fast-cgi.<BR>> > > ><BR>> > ><BR>> > > Anyone know
if you can get Apache to attempt automatic<BR>> authentication<BR>> >
> with IE, and if that fails fall back to letting RT do the auth?<BR>>
> ><BR>> > > -Todd<BR>> ><BR>> > I do this with the
LDAP overlay instead of apache.<BR>> ><BR>> > It attempts LDAP, and
then if that fails falls back to RT for auth. It<BR>> > may actually try
RT first, then LDAP. Works though.<BR></FONT></P></DIV>
</BODY>
</HTML>