[rt-users] external authorization
Andy Harrison
ah3 at mlz.us
Thu Aug 14 14:47:42 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Having a really weird problem I can't figure out. I'm using external
authorization and it's letting me past the web server login prompt, but stops
at the rt web login window, although the rt web login window has no fields in
which to type userid and password, the gray part of the table is simply blank,
execept for the copyright footer.
(originally I did all my changes in RT_SiteConfig.pm only)
# grep '^[^#]' RT_Config.pm
package RT;
=head1 NAME
RT::Config
=for testing
use RT::Config;
=cut
Set($rtname , "gwi.net");
Set($Organization , "gwi.net");
Set($MinimumPasswordLength , "8");
Set($Timezone , 'US/Eastern');
Set($DatabaseType , 'Pg');
Set($DatabaseHost , 'localhost');
Set($DatabaseRTHost , 'localhost');
Set($DatabasePort , '');
Set($DatabaseUser , 'rt3');
Set($DatabasePassword , 'xxxxxxxx');
Set($DatabaseName , 'rt3');
Set($DatabaseRequireSSL , undef);
Set($OwnerEmail , 'root');
Set($LoopsToRTOwner , 1);
Set($StoreLoops , undef);
Set($MaxAttachmentSize , 10000000);
Set($TruncateLongAttachments , undef);
Set($DropLongAttachments , undef);
Set($ParseNewMessageForTicketCcs , undef);
Set($RTAddressRegexp , '^rt\@gwi.net$');
Set($CanonicalizeEmailAddressMatch , 'rt.gwi.net$');
Set($CanonicalizeEmailAddressReplace , 'gwi.net');
Set($SenderMustExistInExternalDatabase , undef);
Set($CorrespondAddress , 'xxxxxxxsnipxxxxxx');
Set($CommentAddress , 'xxxxxxxsnipxxxxxxx');
Set($MailCommand , 'sendmailpipe');
Set($SendmailArguments , "-oi -t");
Set($SendmailPath , "/usr/sbin/sendmail");
Set($UseFriendlyFromLine , 1);
Set($FriendlyFromLineFormat , "\"%s via RT\" <%s>");
Set($UseFriendlyToLine , 0);
Set($FriendlyToLineFormat, "\"%s of $RT::rtname Ticket #%s\":;");
Set($NotifyActor, 0);
Set($LogToSyslog , 'debug');
Set($LogToScreen , 'error');
Set($LogToFile , 1);
Set($LogDir, '/usr/local/rt3/var/log');
Set($LogToFileNamed , "rt.log"); #log to rt.log
Set($WebPath , "");
Set($WebBaseURL , "https://bedlam.gwi");
Set($WebURL , $WebBaseURL . $WebPath . "/");
Set($WebImagesURL , $WebURL . "NoAuth/images/");
Set($LogoURL , $WebImagesURL . "rt.jpg");
Set($TrustHTMLAttachments , undef);
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , undef);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , undef);
@LexiconLanguages = qw(*) unless (@LexiconLanguages);
@EmailInputEncodings = qw(utf-8 iso-8859-1 us-ascii) unless
(@EmailInputEncodings);
Set($EmailOutputEncoding , 'utf-8');
Set($DateDayBeforeMonth , 1);
Set($AmbiguousDayInPast , 1);
1;
# cat RT_SiteConfig.pm
Set($rtname , "gwi.net");
Set($Organization , "gwi.net");
Set($MinimumPasswordLength , "8");
Set($OwnerEmail , 'ajharrison at gwi.net');
Set($RTAddressRegexp , '^rt3\@gwi.net$');
Set($CanonicalizeEmailAddressMatch , 'webrt.gwi.net');
Set($CanonicalizeEmailAddressReplace , 'gwi.net');
Set($CorrespondAddress , 'gwi-network at gwi.net');
Set($CommentAddress , 'gwi-network at gwi.net');
Set($LogToSyslog , 'debug');
Set($LogToScreen , 'error');
Set($LogToFile , 1);
Set($LogDir, '/usr/local/rt3/var/log');
Set($LogToFileNamed , "rt.log"); #log to rt.log
Set($WebBaseURL , "https://bedlam.gwi");
Set($WebExternalAuth , "true");
Set($WebFallbackToInternalAuth , undef);
1;
httpd.conf section:
#WEBRT PUBLIC VWS##
<VirtualHost 192.168.1.243:80>
ServerAdmin xxxxxxsnipxxxxxx
ServerName bedlam.gwi
DocumentRoot /usr/local/rt3/share/html
ErrorLog /var/log/httpd/bedlam.gwi_error_log
TransferLog /var/log/httpd/bedlam.gwi_access_log
<Directory />
RedirectMatch permanent /(.*) https://bedlam.gwi/$1
</Directory>
</VirtualHost>
<VirtualHost 192.168.1.243:443>
<IfDefine SSL>
SSLEngine on
SSLCertificateFile /usr/local/etc/apache/ssl.crt/bedlam.gwi.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/bedlam.gwi.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
</IfDefine>
ServerName bedlam.gwi
DocumentRoot /usr/local/rt3/share/html
ErrorLog /var/log/httpd/bedlam.gwi_error_log
TransferLog /var/log/httpd/bedlam.gwi_access_log
AddDefaultCharset UTF-8
AddRadiusAuth radius1.gwi:1812 xxxxxxsnipxxxxxxx
PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl
<Location />
SetHandler perl-script
PerlHandler RT::Mason
</Location>
<Directory /usr/local/rt3/share/html/>
AuthRadiusAuthoritative on
AuthRadiusCookieValid 480
AuthName "WebRT"
AuthType Basic
AuthGroupFile /usr/local/etc/apache/auth/calltrak.group
#AuthUserFile /usr/local/etc/apache/auth/calltrak.auth
require group tech
Options FollowSymLinks +Includes ExecCGI MultiViews
AllowOverride AuthConfig Limit
</Directory>
</VirtualHost>
I look for errors logged in the apache logs, messages log, and rt.log and there
are none. And I quadruple checked that my login name appears in the
calltrack.group file and matches the what I'm typing in when I authenticate.
Any clues?
~~
Andy Harrison
(full headers for details)
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
iQCVAwUBPzvZTFPEkLgodAWVAQHBOAP+ORucDno2btfVI2CoOKa+rd3R9zgoN8sI
FvO15gqLtGNizrLljAGbWh1Z771HRIwFTjumgFc6n0xoVUe8sm+6aGdXr4Qt6jak
jXdwkSlXcpKsvQdAtLDbbzxmJMM8uMaFwl+SbZdBPG6CV3gwXF4t5pwWINXr11rh
mWHVJqOAf50=
=XBdA
-----END PGP SIGNATURE-----
More information about the rt-users
mailing list