[rt-users] Re: CA Client Certificates and RT 3.0.2???
David Z Maze
dmaze at MIT.EDU
Wed May 21 11:16:20 EDT 2003
"Greg Boug" <gboug at unico.com.au> writes:
> I am having a bit of fun configuring RT. We use a client side
> certificate on the web browsers to provide additional security
> for accessing the RT site. That all works fine for providing
> web access...
>
> The problem is when an email is sent to a queue...
We use NIS-backed password authentication, but the same basic
concept. RT_SiteConfig.pm has Set($WebExternalAuth, 1);, and Apache
hands RT a username via the REMOTE_USER environment variable. On the
non-SSL side, we arrange to lie to RT: we have a non-privileged user
named 'guest', and REMOTE_USER is blindly set to this. rt-mailgate
can then freely connect to the non-SSL side and feed in data that
way. (I haven't gotten around to putting up interesting content in
the NoAuth directory, still.)
Our httpd.conf says:
<VirtualHost _default_:80>
<Location /rt>
SetEnv REMOTE_USER guest
</Location>
</VirtualHost>
<VirtualHost _default_:443>
<Location /rt>
SSLRequireSSL
AuthType basic
PerlAuthenHandler Apache::AuthenNIS
Require valid-user
</Location>
</VirtualHost>
--
David Maze dmaze at mit.edu http://www.mit.edu/~dmaze/
"Theoretical politics is interesting. Politicking should be illegal."
-- Abra Mitchell
More information about the rt-users
mailing list