[rt-users] Authentication

Atom Powers apowers at digipen.edu
Wed Sep 14 13:48:30 EDT 2005 

Dave Sill wrote:

>OK... So how does one make auth_pam work with RT?
>
>-Dave
>  
>
You should be able to piece it together from the docos on the RT Wiki, 
but to save you some trouble, and because the relevant sections of the 
wiki can be confusing, here is what I did on FreeBSD 5.4. I'm using 
FastCGI, because I'm running Apache 2. Here is the relevant section of 
my httpd.conf
--

#
# Request Tracker Web Interface Settings
#
DocumentRoot "/usr/local/rt3/share/html/"
FastCgiIpcDir /tmp
FastCgiServer /usr/local/rt3/bin/mason_handler.fcgi -idle-timeout 60 
-processes 5
AddHandler fastcgi-script fcgi fcgi fgi
AddDefaultCharset UTF-8
SetHandler fastcgi-script

<Directory / >
        AuthType Basic
        AuthName "Domain"
        AuthPAM_Enabled on
        require valid-user
        Order deny,allow
        AllowOverride All
        Options ExecCGI FollowSymLinks
# For No-Auth testing (comment above Auth )
#       Order allow,deny
#       Allow from All
</Directory>

Alias /NoAuth/images/ /usr/local/rt3/share/html/NoAuth/images/
<Location /NoAuth/images >
        SetHandler default-handler
</Location>

ScriptAlias / /usr/local/rt3/bin/mason_handler.fcgi/

Alias /NoAuth/ /usr/local/rt3/share/html/NoAuth/
<Location /NoAuth >
        satisfy any
        allow from all
</Location>

Alias /REST/1.0/NoAuth/ /usr/local/rt3/share/html/REST/1.0/NoAuth/
<Location /REST/1.0/NoAuth >
        satisfy any
        allow from all
</Location>
--

You may also have to tell PAM what to do about Apache.
Here is my /etc/pam.d/httpd file:
--

# auth
auth            required        pam_nologin.so          no_warn
auth            sufficient      /usr/local/lib/pam_ldap.so
auth            sufficient      pam_opie.so             no_warn 
no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            required        pam_unix.so             no_warn 
try_first_pass

# account
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         required        pam_permit.so

# password
password        required        pam_unix.so             no_warn 
try_first_pass



-- 
Perfection is just a word I use occasionally with mustard.
--Atom Powers--
Systems Administrator
DigiPen Institute of Technology
(425) 895-4443

More information about the rt-users mailing list