<p>To disable auth you can use location directives. For mailgate it's good to protect path by IP or host name.</p>
<p>Regards, Ruslan. From phone.</p>
<div class="gmail_quote">05.10.2011 8:06 пользователь "declaya" <<a href="mailto:chocoboselphie@gmx.de">chocoboselphie@gmx.de</a>> написал:<br type="attribution">> <br>> <br>> Thomas Smith-12 wrote:<br>
>> <br>>> <br>>> <br>>> Discovered another issue... This one isn't strictly RT-related, I don't<br>>> think.<br>>> <br>>> The email gateway is no longer working. When I configured Apache auth,<br>
>> I had to do it at the /opt/rt4 level--otherwise, RT would display the<br>>> login page without the option to login and SSO wouldn't work. Now the<br>>> mail gateway is unable to insert new tickets into the database as the<br>
>> area it's trying to access is password protected. Are there any<br>>> best-practices for lifting the security off of this one directory<br>>> (NoAuth only, right?) while maintaining SSO on the remainder of the<br>
>> system? Every time I exclude this directory from authentication, SSO<br>>> breaks.<br>>> <br>>> <br>>> <br>> <br>> Hi Thomas,<br>> I was facing the same problem (and I'm still curios about how to configure<br>
> Apache using SSO with NTLMv2, but thats another problem;) when I changed the<br>> login behavior for Apache.<br>> You have to change the Apache config: The NoAuth directories must be<br>> excluded from your AD authentication, so you have to set "satisfy any" and<br>
> "Allow from all" for that directories.<br>> <br>> So my Apache config looks like this:<br>> <br>> [...]<br>> <Directory "/opt/rt4/share/html"><br>> --->here goes your Auth config for the users<br>
> </Directory><br>> <br>> <Directory "/opt/rt4/share/html/REST/1.0/NoAuth"><br>> SetHandler modperl<br>> PerlResponseHandler Plack::Handler::Apache2<br>> satisfy any<br>> allow from all<br>
> </Directory><br>> <br>> <Directory "/opt/rt4/share/html/NoAuth"><br>> SetHandler modperl<br>> PerlResponseHandler Plack::Handler::Apache2<br>> satisfy any<br>> allow from all<br>
> </Directory><br>> <br>> <Location /REST/1.0/NoAuth><br>> satisfy any<br>> allow from all<br>> </Location><br>> [...]<br>> <br>> I'm not completely sure, which of the directories is the right one, but<br>
> until now it works for me.<br>> Hope this helps a bit!<br>> <br>> Have a nice day!<br>> -- <br>> View this message in context: <a href="http://old.nabble.com/LDAP-authentication-best-practices-tp32585400p32594359.html">http://old.nabble.com/LDAP-authentication-best-practices-tp32585400p32594359.html</a><br>
> Sent from the Request Tracker - User mailing list archive at Nabble.com.<br>> <br>> --------<br>> RT Training Sessions (<a href="http://bestpractical.com/services/training.html">http://bestpractical.com/services/training.html</a>)<br>
> * San Francisco, CA, USA October 18 & 19, 2011<br>> * Washington DC, USA October 31 & November 1, 2011<br>> * Barcelona, Spain November 28 & 29, 2011<br></div>