[rt-users] RE: CA Client Certificates and RT 3.0.2???
Greg Boug
gboug at unico.com.au
Wed May 21 20:02:57 EDT 2003
David,
I'm curious, how did you get RT to run off a second virtual
server. I've tried that and failed. The problem being the
webmux.pl script can't be loaded into mod_perl more than once...
Greg
> -----Original Message-----
> From: David Z Maze [mailto:dmaze at MIT.EDU]
> Sent: Thursday, 22 May 2003 1:16 AM
> To: Greg Boug
> Cc: 'RT Users'
> Subject: Re: CA Client Certificates and RT 3.0.2???
>
>
> "Greg Boug" <gboug at unico.com.au> writes:
>
> > I am having a bit of fun configuring RT. We use a client side
> > certificate on the web browsers to provide additional security for
> > accessing the RT site. That all works fine for providing
> web access...
> >
> > The problem is when an email is sent to a queue...
>
> We use NIS-backed password authentication, but the same basic
> concept. RT_SiteConfig.pm has Set($WebExternalAuth, 1);, and
> Apache hands RT a username via the REMOTE_USER environment
> variable. On the non-SSL side, we arrange to lie to RT: we
> have a non-privileged user named 'guest', and REMOTE_USER is
> blindly set to this. rt-mailgate can then freely connect to
> the non-SSL side and feed in data that way. (I haven't
> gotten around to putting up interesting content in the NoAuth
> directory, still.)
>
> Our httpd.conf says:
>
> <VirtualHost _default_:80>
> <Location /rt>
> SetEnv REMOTE_USER guest
> </Location>
> </VirtualHost>
>
> <VirtualHost _default_:443>
> <Location /rt>
> SSLRequireSSL
> AuthType basic
> PerlAuthenHandler Apache::AuthenNIS
> Require valid-user
> </Location>
> </VirtualHost>
>
> --
> David Maze dmaze at mit.edu
> http://www.mit.edu/~dmaze/
> "Theoretical politics is
> interesting. Politicking should be illegal."
> -- Abra Mitchell
>
>
>
More information about the rt-users
mailing list