[Rt-commit] rt branch, 4.2/mail-gateway-auth-docs, created. rt-4.2.4-45-g5accd7e

Alex Vandiver alexmv at bestpractical.com
Wed May 28 17:18:28 EDT 2014 

The branch, 4.2/mail-gateway-auth-docs has been created
        at  5accd7ea28d825804b443b8da25b46c919551853 (commit)

- Log -----------------------------------------------------------------
commit 5accd7ea28d825804b443b8da25b46c919551853
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed May 28 17:14:33 2014 -0400

    Document "Satisfy any" for the mail gateway if Apache authentication is in use

diff --git a/docs/authentication.pod b/docs/authentication.pod
index a24b422..d62a3d6 100644
--- a/docs/authentication.pod
+++ b/docs/authentication.pod
@@ -60,7 +60,31 @@ In order to keep user data in sync, this type of external auth is almost always
 used in combination with one or both of L</RT::Authen::ExternalAuth> and
 L</RT::Extension::LDAPImport>.
 
-=head3 Configuration options
+=head3 Apache configuration
+
+When configuring Apache to protect RT, remember that the RT mail gateway
+uses the web interface to upload the incoming email messages.  You will
+thus need to provide an exception for the mail gateway endpoint.
+
+An example of using LDAP authentication and HTTP Basic auth:
+
+    <Location />
+        Require valid-user
+        AuthType Basic
+        AuthName "RT access"
+        AuthBasicProvider ldap
+        AuthLDAPURL \
+            "ldap://ldap.example.com/dc=example,dc=com"
+    </Location>
+    <Location /REST/1.0/NoAuth/mail-gateway>
+        Order deny,allow
+        Deny from all
+        Allow from localhost
+        Satisfy any
+    </Location>
+
+
+=head3 RT configuration options
 
 All of the following options control the behaviour of RT's built-in external
 authentication which relies on the web server.  They are documented in detail
diff --git a/docs/web_deployment.pod b/docs/web_deployment.pod
index 920c223..79a9fb4 100644
--- a/docs/web_deployment.pod
+++ b/docs/web_deployment.pod
@@ -29,6 +29,9 @@ C<mod_speling> will cause RT's CSS and JS to not be loaded, making RT
 appear unstyled. C<mod_cache> will cache cookies, making users be
 spontaneously logged in as other users in the system.
 
+See also L<authentication/Apache configuration>, in case you intend to
+use Apache to provide authentication.
+
 =head3 mod_fastcgi
 
     # Tell FastCGI to put its temporary files somewhere sane; this may
@@ -230,4 +233,3 @@ C<Location> directive.
 
 If you're not using Apache, please see L<Plack::Handler::FCGI> or the web
 server's own documentation for configuration examples.
-

-----------------------------------------------------------------------

More information about the rt-commit mailing list