[rt-users] Single Sign-On

Nathan, Ahalya Ahalya_Nathan at mudnebr.com
Sat Oct 22 23:18:55 EDT 2005


I am guessing you may have to change the NTLM program for that.

________________________________

From: Todd Chapman [mailto:todd at chaka.net]
Sent: Fri 10/21/2005 9:33 AM
To: Nathan, Ahalya
Cc: Nathan Oyler; rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Single Sign-On



Yes, but if the NTLM authentication fails can Apache let
the user in anyway so that RT can handle the auth?

On Fri, Oct 21, 2005 at 08:18:58AM -0500, Nathan, Ahalya wrote:
> By using the Apache2::AuthenNTLM/ Apache::AuthenNTLM Authentication
> Handler you can do that. The NTLM gives the username and domain name
> from the IE client.
>
> Ahalya Nathan
> Senior Programmer / Analyst
> Information Technology, Metropolitan Utilities District
> (402) 504-7180 phone
> (402) 504-5180 fax
>
>
> -----Original Message-----
> From: Todd Chapman [mailto:todd at chaka.net]
> Sent: Thursday, October 20, 2005 10:30 PM
> To: Nathan Oyler
> Cc: Nathan, Ahalya; rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] Single Sign-On
>
> But what I want to do is have Apache try passwordless NTLM
> witn my IE client, and then if that fails let RT handle
> authentication.
>
> -Todd
>
> On Thu, Oct 20, 2005 at 03:48:05PM -0700, Nathan Oyler wrote:
> > > On Thu, Oct 20, 2005 at 01:42:44PM -0500, Nathan, Ahalya wrote:
> > > > Single Sign On can be done by using the NTLM module in apache to
> get
> > the
> > > > Login ID from the IE browser. You can use this id to connect to
> the
> > LDAP
> > > > server. The LDAP contribution on the wiki will give you
> information
> > > > about connecting to the LDAP server. I am guessing NTLM module
> uses
> > > > mod-perl , not sure if it will work with fast-cgi.
> > > >
> > >
> > > Anyone know if you can get Apache to attempt automatic
> authentication
> > > with IE, and if that fails fall back to letting RT do the auth?
> > >
> > > -Todd
> >
> > I do this with the LDAP overlay instead of apache.
> >
> > It attempts LDAP, and then if that fails falls back to RT for auth. It
> > may actually try RT first, then LDAP. Works though.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20051022/3edb8bea/attachment.htm>


More information about the rt-users mailing list