[rt-users] Alternate authentication methods

Jesse jesse at fsck.com
Fri Jun 29 19:30:04 EDT 2001


One way to deal with the issue you're running into might be to modify 
your rt-mailgate to do an email->username lookup before creating new users.


On Fri, Jun 29, 2001 at 12:12:55PM -0500, Hamilton, Kent wrote:
> Gavin,
> 
> I asked this yesterday and Jesse invited me to send him a patch for it. 
> 
> I have one that works for authenticating against an external auth source by
> picking up $ENV{'REMOTE_USER'} but there are issues with it.  One of the big
> advantages of RT2 (in my view) is its ability to let requestors look at
> their tickets.  The patch I currently have causes you to lose that ability.
> I'm looking at modifying the user creation routines to somehow create
> correct usernames to authenticate against web server auth but there are
> serious issues with that.  Do all your email addresses' left-hand sides match
> your NT/Kerberos/whatever usernames? Do you get mail from external users?
> Etc., etc.....
> 
> If you don't mind not allowing requestors to be able to get in to look at
> their own tickets, then this will work. There isn't any config.pm knob or
> anything, if you add this then it's going to get the remote username from
> the browser and try to load a user by that username.  *Warning* only tested
> for about 30 minutes before I decided I needed to do a lot more work before
> I had what I need here.
> 
> 
> *** autohandler.orig	Thu Jun 28 13:00:35 2001
> --- autohandler	Thu Jun 28 14:07:35 2001
> ***************
> *** 2,31 ****
>   <& /Elements/Footer &>
>   
>   <%INIT>
>   #if it's a noauth file, don't ask for auth.
>   if ($m->base_comp->path =~ '^/NoAuth/') {
>           $m->call_next();
>   	$m->abort();
> ! }
> !  
>   # If the user is loging in, let's authenticate
> ! elsif (defined ($user) && defined ($pass)){
>       
> !     $session{'CurrentUser'} = RT::CurrentUser->new();
> !     $session{'CurrentUser'}->Load($user);
> !     unless ($session{'CurrentUser'}->id() ) {
> ! 	delete $session{'CurrentUser'};
> ! 	$m->comp('/Elements/Login', %ARGS, Error=> 'Your username or
> password is incorrect');
> !         $m->abort();
> !     };
> !     unless ($session{'CurrentUser'}->IsPassword($pass)) {
> ! 	delete $session{'CurrentUser'};
>   	
> ! 	$m->comp('/Elements/Login', Error => 'Your username or password is
> incorrect', %ARGS);
> ! 	$m->abort();
>       }
> ! }
> !   
>   
>   #If we've got credentials, lets serve the file up.
>   if ( (defined $session{'CurrentUser'}) and 
> --- 2,41 ----
>   <& /Elements/Footer &>
>   
>   <%INIT>
> + 
>   #if it's a noauth file, don't ask for auth.
>   if ($m->base_comp->path =~ '^/NoAuth/') {
>           $m->call_next();
>   	$m->abort();
> ! } else {
> ! 
> !     if ( defined $ENV{'REMOTE_USER'} ) {
> !         $user = $ENV{'REMOTE_USER'};
> !         $session{'CurrentUser'} = RT::CurrentUser->new();
> !         $session{'CurrentUser'}->Load($user);
> !         unless ($session{'CurrentUser'}->id() ) {
> !             delete $session{'CurrentUser'};
> !             $m->comp('/Elements/Login', %ARGS, Error=> "In External
> Authentication your username ($user) is incorrect.");
> !             $m->abort();
> !         };
>   # If the user is loging in, let's authenticate
> !     } elsif (defined ($user) && defined ($pass)){
>       
> !         $session{'CurrentUser'} = RT::CurrentUser->new();
> !         $session{'CurrentUser'}->Load($user);
> !         unless ($session{'CurrentUser'}->id() ) {
> !             delete $session{'CurrentUser'};
> !             $m->comp('/Elements/Login', %ARGS, Error=> 'Your username or
> password is incorrect');
> !             $m->abort();
> !         };
> !         unless ($session{'CurrentUser'}->IsPassword($pass)) {
> !             delete $session{'CurrentUser'};
>   	
> !             $m->comp('/Elements/Login', Error => 'Your username or
> password is incorrect', %ARGS);
> !             $m->abort();
> !         }
>       }
> ! } 
>   
>   #If we've got credentials, lets serve the file up.
>   if ( (defined $session{'CurrentUser'}) and 
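
Review bot: In the new "if ( defined $ENV{'REMOTE_USER'} )" branch, the "elsif (defined ($user) && defined ($pass))" password path becomes unreachable whenever the web server sets REMOTE_USER, so an externally authenticated name with no matching RT user is shown /Elements/Login with an error but can never log in through that form, because every retry takes the same branch again. Consider falling through to the password check when Load($user) returns no id, and gating the REMOTE_USER branch behind a configuration option: as written it accepts the environment value with no IsPassword check, so it is only as trustworthy as the web server authentication enforced in front of every path outside /NoAuth/. The branch also rebuilds $session{'CurrentUser'} on each request with no test for an existing session user, and the error string interpolates $user into text handed to the Login component, so confirm that component escapes it before rendering.
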
> 
> 
> > -----Original Message-----
> > From: Adams, Gavin [mailto:gadams at promisant.com]
> > Sent: Friday, June 29, 2001 7:38 AM
> > To: rt-users at lists.fsck.com
> > Subject: [rt-users] Alternate authentication methods
> > 
> > 
> > Is it possible to set up rt 2.0 to authenticate web UI users against an
> > .htaccess file? We use a Kerberos domain for a variety of Windows 2000
> > and UNIX systems, -- with the exception of rt. A good example is
> > netsaint. When I authenticate against the web server, the username is
> > passed through to netsaint and the appropriate permissions 
> > are granted.
> > 
> > I know that gecos can be used for rt commands from a shell, is it
> > possible to leverage this for the web UI?
> > 
> > --- Gavin Adams
> > Promisant Ltd.
> > Bermuda
> > 
> > 
> > _______________________________________________
> > rt-users mailing list
> > rt-users at lists.fsck.com
> > http://lists.fsck.com/mailman/listinfo/rt-users
> > 

-- 
jesse reed vincent -- root at eruditorum.org -- jesse at fsck.com 
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

  "Mary had a crypto key / She kept it in escrow
     And everything that Mary said / The Feds were sure to know" -- Sam Simpson 
