[rt-users] HTTP_Auth with rt?
Jonathan C. Detert
detertj at msoe.edu
Mon Feb 12 17:37:06 EST 2001
* D. Joe Anderson <deejoe at iastate.edu> [010212 11:54]:
> On Mon, 12 Feb 2001, Jonathan C. Detert wrote:
>
> > i thought i read something on the list that suggested you could
> > have rt do authentication via http auth, but I can't find any
> > documentation on how to do that.
-- snip --
> From rt/etc/config.pm:
>
> # WEB_AUTH_MECHANISM defines what sort of authentication you'd like to use
-- snip --
> My wishlist for RT would include the ability to do initial authentication
> via external auth mechanisms, but to have RT generate and track
> authentication cookies to enable session expiry/logouts.
I'm trying to hack rt1.0.4 so that it does exactly that using an NT
domain as the external source, and the perl Authen::Smb module to
interact with the NT domain. Although I have the initial authentication
working properly, I seem to have broken the use of cookies (since now I
have to authenticate every time I click on a link).
All I did was to modify two functions in lib/rt/database/config.pm :
is_password() and is_hash_of_password_and_ip().
These return a boolean value. I simply changed them to send the entered
password to a Authen::Smb call instead of to compare it's hashed value
to the hashed value from the database. Any ideas why my changes broke
the use of cookies?
--
Happy Landings,
Jon Detert
Unix System Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202
More information about the rt-users
mailing list