[rt-users] S/MIME
Jesse Vincent
jesse at bestpractical.com
Mon Apr 28 10:10:38 EDT 2008
On Apr 23, 2008, at 7:42 PM, Jay Kline wrote:
> Jesse Vincent wrote:
>>
>> On Apr 23, 2008, at 5:12 PM, Jay Kline wrote:
>>> Our organization makes heavy use of S/MIME for signatures and
>>> encryption
>>> of email, and we would like RT to indicate if a message is signed,
>>> and
>>> has a valid signature. I saw a few mentions of it in the
>>> archives, but
>>> most are old or inconclusive.
>>
>> We did a full integration for a client, but haven't found the cycles
>> to polish it for release just yet :/
>>
>
> Would you be willing to share the patch, even if it dosnt get included
> in the release? It surely would be helpful :-)
"polish it for release" includes "remove customer-specific identifying
details" which, as you might imagine, is relatively important ;)
>>
>>> Related to this, we use these certs for client auth in web
>>> browers, has
>>> anyone configured RT to use client certs for auth instead of
>>> cookies, or
>>> HTTP auth?
>>>
>> RT has support for HTTP auth (say, using apache's support for certs)
>> as a flag in the config file.
>>
>
> Yep, unfortunately this makes for really ugly usernames, as Apache
> sets
> the username to the full DN of the cert, we would ideally like to just
> use the CN, or map it to another name entirely (like the email
> address).
That bit is easy. In your RT config file:
sub RT::Interface::Web::WebCanonicalizeInfo {
my $user =$ENV{'REMOTE_USER'};
$user =~ s/\@SITE.CORP//i;
return $user;
}
> If its not really been done, Ill probably implement something using
> the
> Cookie based external auth that is already out there.
>
> Jay
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20080428/c3973187/attachment.sig>
More information about the rt-users
mailing list