[rt-users] External Authentication Patch Set
Christian Gilmore
cgilmore at tivoli.com
Wed Jul 11 10:22:17 EDT 2001
Folks,
I've completed the framework I deemed necessary to allow for external
authentication. I believe that in order to defer an external
authentication service you want to verify new users against that
authentication service before adding them to the system. This patch set
does that for automatic additions via incoming requests. It does not,
however, protect against an administrator directly adding a user via the
RT admin interfaces (CLI or web). These files were modified as follows:
* etc/config.pm
added $WebExternalAuth - require external auth
added $IncomingUserMatch - attempt external user
verification
added $ForceIncomingUserMatch - require external user
verification
* WebRT/html/autohandler
require REMOTE_USER if $WebExternalAuth is defined
* bin/rt-mailgate
corrected bug in order of ErrorsTo and CurrentUser
initialization
Expanded MailError subroutine to handle any loglevel
error defaulting to critical
Added hook in GetCurrentUser subroutine for matching
incoming request user with external data source
Added code to handle policy to require incoming user
match. Makes assertion that a template called
AutoRejectRequest should exist
These changes are all based upon the 2.0.0 release. Please let me know
what you think. I'll include in the next day or so an example for external
user matching. This patch set was written per Jesse's challenge of 6/28/01
in the thread "Re: [rt-users] RT2 and External Auth?" Enjoy!
Regards,
Christian
-----------------
Christian Gilmore
Infrastructure & Tools Team Lead
Web & Multimedia Development
IBM Software Group
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diffs.tar
Type: application/x-tar
Size: 11776 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20010711/6e3a2dc4/attachment.tar>
More information about the rt-users
mailing list