[rt-users] Single Sign-On
Todd Chapman
todd at chaka.net
Fri Oct 21 10:33:21 EDT 2005
Yes, but if the NTLM authentication fails can Apache let
the user in anyway so that RT can handle the auth?
On Fri, Oct 21, 2005 at 08:18:58AM -0500, Nathan, Ahalya wrote:
> By using the Apache2::AuthenNTLM/ Apache::AuthenNTLM Authentication
> Handler you can do that. The NTLM gives the username and domain name
> from the IE client.
>
> Ahalya Nathan
> Senior Programmer / Analyst
> Information Technology, Metropolitan Utilities District
> (402) 504-7180 phone
> (402) 504-5180 fax
>
>
> -----Original Message-----
> From: Todd Chapman [mailto:todd at chaka.net]
> Sent: Thursday, October 20, 2005 10:30 PM
> To: Nathan Oyler
> Cc: Nathan, Ahalya; rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Single Sign-On
>
> But what I want to do is have Apache try passwordless NTLM
> witn my IE client, and then if that fails let RT handle
> authentication.
>
> -Todd
>
> On Thu, Oct 20, 2005 at 03:48:05PM -0700, Nathan Oyler wrote:
> > > On Thu, Oct 20, 2005 at 01:42:44PM -0500, Nathan, Ahalya wrote:
> > > > Single Sign On can be done by using the NTLM module in apache to
> get
> > the
> > > > Login ID from the IE browser. You can use this id to connect to
> the
> > LDAP
> > > > server. The LDAP contribution on the wiki will give you
> information
> > > > about connecting to the LDAP server. I am guessing NTLM module
> uses
> > > > mod-perl , not sure if it will work with fast-cgi.
> > > >
> > >
> > > Anyone know if you can get Apache to attempt automatic
> authentication
> > > with IE, and if that fails fall back to letting RT do the auth?
> > >
> > > -Todd
> >
> > I do this with the LDAP overlay instead of apache.
> >
> > It attempts LDAP, and then if that fails falls back to RT for auth. It
> > may actually try RT first, then LDAP. Works though.
More information about the rt-users
mailing list