RT with external auth (was Re: [rt-users] HTTP_Auth with rt?)
Eric Goodman
ericg at cats.ucsc.edu
Wed Feb 14 16:54:47 EST 2001
> # if the user's submitted password is his MSOE NT domain password, then
> # update the rt db to have his nt password
> sub msoe_authenticate {
>     my ($username, $password) = @_;
>     my ($user_id, $pass) = ($dbh->quote("$username"),
>                             $dbh->quote("$password"));
>
>     use Authen::Smb;
>     my $authResult = Authen::Smb::authen($username,
>         $password, 'yamato', 'hood', 'MSOE');
>     if ( $authResult == Authen::Smb::NO_ERROR ) {
>         # user submitted a valid password. Let's put it into RT
>         my $sql = qq[UPDATE users SET password = $pass WHERE user_id = $user_id];
>         $dbh->Query($sql) or
>             warn "[msoe_authenticate] Sql had some problems: $Mysql::db_errstr\n$sql";
>     }
> }
Hmm. Doesn't this stick the user's password into the DB in cleartext?
Seems like you might do better to add a one-time password into the
mix. You could essentially call your msoe_authenticate() function
passing in the one-time password. If the MSOE authentication
succeeds, the one-time password could get stored in the database (in
place of the domain password).
Still, a very nifty hack/patch!
--- Eric
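
Added example, not part of the original message or of RT: a Python sketch of the flow suggested in the reply above, where a successful external check causes a random one-time secret, rather than the domain password, to be written to the local table. The `sqlite3` table, `fake_domain_auth` (standing in for `Authen::Smb::authen`), and the choice to store only a SHA-256 hash of the secret are assumptions of this example.

```python
import hashlib
import secrets
import sqlite3


def _digest(secret):
    # The secret is high-entropy random data, so a plain SHA-256 is enough here.
    return hashlib.sha256(secret.encode()).digest()


def authenticate_and_provision(db, username, password, external_auth):
    """Verify against the external authority; on success store a fresh
    one-time secret locally. The domain password is never written anywhere.
    Returns the one-time secret, or None on failure."""
    if not external_auth(username, password):
        return None
    otp = secrets.token_urlsafe(24)
    # Bound parameters instead of interpolating quoted strings into the SQL.
    cur = db.execute("UPDATE users SET password = ? WHERE user_id = ?",
                     (_digest(otp), username))
    if cur.rowcount != 1:  # unknown local user: provision nothing
        db.rollback()
        return None
    db.commit()
    return otp


def check_local(db, username, candidate):
    """Check a candidate secret against what the local table holds."""
    row = db.execute("SELECT password FROM users WHERE user_id = ?",
                     (username,)).fetchone()
    if row is None or row[0] is None:
        return False
    return secrets.compare_digest(_digest(candidate), row[0])


def demo_db():
    # Constructed sample table; the real RT schema is not shown on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, password BLOB)")
    db.execute("INSERT INTO users (user_id) VALUES ('alice')")
    return db


def fake_domain_auth(username, password):
    # Hypothetical stand-in for the SMB domain check, with constructed credentials.
    return (username, password) == ("alice", "constructed-domain-pw")
```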