[rt-users] Alternate authentication methods
Hamilton, Kent
KHamilton at Hunter.COM
Fri Jun 29 13:12:55 EDT 2001
Gavin,
I asked this yesterday and Jessie invited me to send him a patch for it.
I have one that works for authenticating against an external auth source by
picking up $ENV{'REMOTE_USER'} but there are issues with it. One of the big
advantages of RT2 (In my view) is it's ability to let requestors look at
their tickets. The patch I currently have causes you to lose that ability.
I'm looking at modifying the user creation routines to somehow create
correct usernames to authenticate against web server auth but there are
serious issues with that. Do all your email address left hand side match
your NT/Kerberos/whatever usernames? Do you get mail from external users?
Etc., etc.....
If you don't mind not allowing requestors to be able to get in to look at
their own tickets, then this will work. There isn't any config.pm knob or
anything, if you add this then it's going to get the remote username from
the browser and try to load a user by that username. *Warning* only tested
for about 30 minutes before I decided I needed to do a lot more work before
I had what I need here.
*** autohandler.orig Thu Jun 28 13:00:35 2001
--- autohandler Thu Jun 28 14:07:35 2001
***************
*** 2,31 ****
<& /Elements/Footer &>
<%INIT>
#if it's a noauth file, don't ask for auth.
if ($m->base_comp->path =~ '^/NoAuth/') {
$m->call_next();
$m->abort();
! }
!
# If the user is loging in, let's authenticate
! elsif (defined ($user) && defined ($pass)){
! $session{'CurrentUser'} = RT::CurrentUser->new();
! $session{'CurrentUser'}->Load($user);
! unless ($session{'CurrentUser'}->id() ) {
! delete $session{'CurrentUser'};
! $m->comp('/Elements/Login', %ARGS, Error=> 'Your username or
password is incorrect');
! $m->abort();
! };
! unless ($session{'CurrentUser'}->IsPassword($pass)) {
! delete $session{'CurrentUser'};
! $m->comp('/Elements/Login', Error => 'Your username or password is
incorrect', %ARGS);
! $m->abort();
}
! }
!
#If we've got credentials, lets serve the file up.
if ( (defined $session{'CurrentUser'}) and
--- 2,41 ----
<& /Elements/Footer &>
<%INIT>
+
#if it's a noauth file, don't ask for auth.
if ($m->base_comp->path =~ '^/NoAuth/') {
$m->call_next();
$m->abort();
! } else {
!
! if ( defined $ENV{'REMOTE_USER'} ) {
! $user = $ENV{'REMOTE_USER'};
! $session{'CurrentUser'} = RT::CurrentUser->new();
! $session{'CurrentUser'}->Load($user);
! unless ($session{'CurrentUser'}->id() ) {
! delete $session{'CurrentUser'};
! $m->comp('/Elements/Login', %ARGS, Error=> "In External
Authentication your username ($user) is incorrect.");
! $m->abort();
! };
# If the user is loging in, let's authenticate
! } elsif (defined ($user) && defined ($pass)){
! $session{'CurrentUser'} = RT::CurrentUser->new();
! $session{'CurrentUser'}->Load($user);
! unless ($session{'CurrentUser'}->id() ) {
! delete $session{'CurrentUser'};
! $m->comp('/Elements/Login', %ARGS, Error=> 'Your username or
password is incorrect');
! $m->abort();
! };
! unless ($session{'CurrentUser'}->IsPassword($pass)) {
! delete $session{'CurrentUser'};
! $m->comp('/Elements/Login', Error => 'Your username or
password is incorrect', %ARGS);
! $m->abort();
! }
}
! }
#If we've got credentials, lets serve the file up.
if ( (defined $session{'CurrentUser'}) and
> -----Original Message-----
> From: Adams, Gavin [mailto:gadams at promisant.com]
> Sent: Friday, June 29, 2001 7:38 AM
> To: rt-users at lists.fsck.com
> Subject: [rt-users] Alternate authentication methods
>
>
> Is it possible to setup rt 2.0 to authenticate web UI users against an
> .htaccess file? We use a Kerberos domain for a variety of Windows 2000
> and UNIX systems, -- with the exception of rt. A good example is
> netsaint. When I authenticate against the web server, the username is
> passed through to netsaint and the appropriate permissions
> are granted.
>
> I know that gecos can be used for rt commands from a shell, is it
> possible to leverage this for the web UI?
>
> --- Gavin Adams
> Promisant Ltd.
> Bermuda
>
>
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users
>
More information about the rt-users
mailing list