[rt-users] External authorization in RT

Jason Taylor jtaylor at bastyr.edu
Tue Sep 21 12:03:52 EDT 2004


Biernacki, Michal wrote:

>It doesn't work:-/ 
>
>  
>
>>-----Original Message-----
>>From: Ruslan U. Zakirov [mailto:Ruslan.Zakirov at acronis.com] 
>>Sent: Tuesday, September 21, 2004 4:58 PM
>>To: Biernacki, Michal
>>Cc: rt-users at lists.bestpractical.com
>>Subject: Re: [rt-users] External authorization in RT
>>
>>I think you can add next lines to prevent auth:
>>
>>          <Location /NoAuth/>
>>                  SetHandler perl-script
>>                  PerlHandler RT::Mason
>>          </Location>
>>
>>
>>Biernacki, Michal wrote:
>>    
>>
>>>Hello,
>>>
>>>I've sucessfuly installed RT. It works perfect:-) Right now 
>>>      
>>>
>>I'm trying 
>>    
>>
>>>to configure RT with external authorization (Windows NT domain). I 
>>>made some changes in RT_Config.pm:
>>>
>>>Set($WebExternalAuth , 1);
>>>Set($WebFallbackToInternalAuth , 1);
>>>Set($WebExternalAuto , 1);
>>>
>>>I've also made changes to httpd.conf:
>>>
>>><VirtualHost 10.107.10.3>
>>>        ServerAdmin mbiernacki at nodomain.com
>>>        DocumentRoot /usr/local/rt3/share/html
>>>        AddDefaultCharset UTF-8
>>>        ServerName helpdesk.nodomain.com
>>>        PerlModule Apache::DBI
>>>        PerlRequire /usr/local/rt3/bin/webmux.pl
>>>        <Location />
>>>                SetHandler perl-script
>>>                PerlHandler RT::Mason
>>>                PerlAuthenHandler Apache::AuthenNTLM
>>>                AuthType ntlm
>>>                require valid-user
>>>                PerlAddVar ntdomain "EDP PLWAWMPDC01"
>>>                PerlAddVar defaultdomain EDP
>>>                PerlAddVar fallbackdomain EDP
>>>                PerlSetVar ntlmsemkey 0
>>>                PerlSetVar splitdomainprefix 1
>>>        </Location>
>>></VirtualHost>
>>>
>>>After these changes I can login into the web interface of RT. 
>>>Unfortunately I can not create new ticket using e-mail. The 
>>>      
>>>
>>mail server tries to "login"
>>    
>>
>>>to the RT, but NTLM authentication is not supported.
>>>Do you have any ideas or workaround?
>>>
>>>Best regards
>>>Michal
>>>_______________________________________________
>>>      
>>>
Here's my pertinent httpd.conf snippet.  Hope it helps.

FastCgiIpcDir /var/run/httpd/fastcgi
FastCgiServer /usr/local/rt3/bin/mason_handler.fcgi -idle-timeout 3600 
-processes 5
<VirtualHost *:1080>
   ServerName pippin.middleearth.prv:1080
   DocumentRoot /usr/local/rt3/share/html

   AddHandler fastcgi-script fcgi
   Alias /NoAuth/images/ /usr/local/rt3/share/html/NoAuth/images/
   ScriptAlias / /usr/local/rt3/bin/mason_handler.fcgi/

   <Location />
      SetHandler fastcgi-script

      AllowOverride None
      order allow,deny
      allow from all

      AuthName "Request Tracker"
      AuthType Kerberos        
      Krb5Keytab /etc/krb5.keytab
      KrbAuthRealms MIDDLEEARTH.PRV
      KrbSaveCredentials off
      KrbVerifyKDC off

      Require valid-user
   </Location>

   <Location "/NoAuth">
      Satisfy Any
      Options FollowSymLinks Indexes ExecCGI
      AllowOverride None
      Order deny,allow
      Allow from 127.0.0.1,172.16.1.27
   </Location>

   <Location "/NoAuth/images">
      SetHandler default-handler
   </Location>

   <Location "/REST/1.0/NoAuth">
      Satisfy Any              
      Options FollowSymLinks Indexes ExecCGI
      AllowOverride None                   
      Order deny,allow 
      Allow from 127.0.0.1,172.16.1.27
   </Location>
</VirtualHost>



More information about the rt-users mailing list