[rt-users] External Authentication Patch Set

Christian Gilmore cgilmore at tivoli.com
Wed Jul 11 10:22:17 EDT 2001


Folks,

I've completed the framework I deemed necessary to allow for external
authentication. I believe that in order to defer an external
authentication service you want to verify new users against that
authentication service before adding them to the system. This patch set
does that for automatic additions via incoming requests. It does not,
however, protect against an administrator directly adding a user via the
RT admin interfaces (CLI or web). These files were modified as follows:

* etc/config.pm
	added $WebExternalAuth - require external auth
	added $IncomingUserMatch - attempt external user
	  verification
	added $ForceIncomingUserMatch - require external user
	  verification

* WebRT/html/autohandler
	require REMOTE_USER if $WebExternalAuth is defined

* bin/rt-mailgate
	corrected bug in order of ErrorsTo and CurrentUser
	  initialization
	Expanded MailError subroutine to handle any loglevel
	  error defaulting to critical
	Added hook in GetCurrentUser subroutine for matching
	  incoming request user with external data source
	Added code to handle policy to require incoming user
	  match. Makes assertion that a template called
	  AutoRejectRequest should exist

These changes are all based upon the 2.0.0 release. Please let me know
what you think. I'll include in the next day or so an example for external
user matching. This patch set was written per Jesse's challenge of 6/28/01
in the thread "Re: [rt-users] RT2 and External Auth?" Enjoy!

Regards,
Christian

-----------------
Christian Gilmore
Infrastructure & Tools Team Lead
Web & Multimedia Development
IBM Software Group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diffs.tar
Type: application/x-tar
Size: 11776 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20010711/6e3a2dc4/attachment.tar>


More information about the rt-users mailing list