[rt-users] hack using mod_auth_kerb and self service web ui

seph seph at directionless.org
Wed May 14 11:24:52 EDT 2003


You didn't say what version of rt you're using. This should all be
possible in either rt2 or rt3, I have no idea about rt1. The mechanism
are similar, but slightly different.

> Using mod_auth_kerb with apache1, I'm currently able to get users to log
> in that have never touched RT before. It creates the user, but of course
> no email address. I'd like to take their kerberos principal and use it to
> formulate a default email address (username at ee.washington.edu). I'd also
> like users that are created via web logins to be unpriviledged by default
> so that they'd automatically get the self service ui: currently they get
> the default home page, even though they have no access to anything.

This is easy. IIRC you'll need to modify the autohandler, or whatever
is doing the user creation to specify an email address, and make it
unprivledged.

> My only other issue is that if users email in a request, and that system
> creates an account for them, the kerb account won't match (and, in fact,
> won't allow concurrent use of a single email address), and the charade is
> over. I really would like to avoid any steps for the admin on a
> per-account basis to get this to work.

assuming you can get some sort of lookup system, to match the emails
to principals, you can get rt to use it for email address
canonicolization. (flat files would work, ldap would work, whatever
you can code in perl, will work)

seph



More information about the rt-users mailing list