[rt-users] Re: Apache authentication, then RT authentication?

Rick Rezinas rick.rezinas at qsent.com
Mon Nov 25 12:14:02 EST 2002


I've been following this thread as well, trying to get a clear
understanding of the problem.  I am running RT 2.0.13 authenticating
against apache using a Samba authentication, and have had no problems
with it (since getting apache to work with Samba, at least!).  

Is the problem that you can't log out? 

One thing is that the user needs to _exist_ in RT to get in.  seph
(thanks!) has a snappy script that worked in our environment with few
modifications that will autoadd users when the authenticate through
apache...
http://lists.fsck.com/pipermail/rt-devel/2002-May/002357.html

if the user doesn't exist in RT you'll just see the first page with no
authentication mechanism, and won't get any further.

rick

On Sun, 24 Nov 2002, Rob Walker wrote:

> On Thu, 2002-11-14 at 12:49, deejoe at iastate.edu wrote:
> > On Tue, Aug 13, 2002 at 12:10:27PM -0700, Gretchen K. Wagner wrote:
> > > On Mon, 12 Aug 2002 deejoe at iastate.edu wrote:
> > > 
> > > > (Apologies if this belabors the point.  Corrections, as always, welcome.)
> > > 
> > > Quite excellent summary of Things As They Are with regards to this situation 
> > > :)  FWIW, yes, all accounts are configured, all accounts have passwords, and 
> > > I've tried various combinations of same/different passwords for the 
> > > krb/unix/rt accounts (all same username).
> > > 
> > > > Another caveat:  Cookies are used for RT's built-in authentication.  When
> > > > external authentication is configured, no cookies are generated.  Therefore
> > > > it effectively becomes impossible to log out without closing the browser
> > > > session and wiping the cache since http basic authentication can never be
> > > > canceled or expired otherwise.  This behavior (no cookies from RT) may have
> > > > changed with more recent RT versions, I don't know.
> > > 
> > > I think this may be the sticking point.  RT2 appears to accept the external
> > > authentication, but it doesn't proceed beyond that initial page.  Perhaps RT2
> > > still wants cookies, but they're not being generated as part of the Apache
> > > basic auth.  Hrm...
> > 
> > Am wondering if anyone ever solved this problem.  I'm still running v1 RT
> > installation.  Now that I've migrated it to new hardware twice, I'm finally
> > feeling like I might be up to upgrading to RT2 at some point.  
> > 
> > Hearing that the problem described above has been solved would be further
> > encouragement towards that.
> 
> I must say that I don't really understand the problem.  I am using
> external authentication with rt2.  My config.pm is located at
> /usr/local/rt2/etc/config.pm and has the following as the first line:
> 
> # $Header: /usr/local/rt2/etc/RCS/config.pm,v 1.2 2002/09/20 17:54:52
> root Exp root $
> 
> My apache is configured to authenticate our users via our shadow files,
> under https.  After we do this, we are logged in to rt without any
> further ado.  I hate to say this, but for us, after we set up RT to
> accept the username from the apache server as authoritative, it "just
> worked".
> 
> rob
> 
> _______________________________________________
> rt-users mailing list
> rt-users at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-users
> 
> Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

--
Rick Rezinas  503-889-7091
Unix Systems Administrator
Qsent, Inc.


When Gladstone was British Prime Minister he visited Michael Faraday's
laboratory and asked if some esoteric substance called `Electricity'
would ever have practical significance.
"One day, sir, you will tax it," was the answer.
					        	-- Science, 1994




More information about the rt-users mailing list