[rt-users] S/MIME

Jesse Vincent jesse at bestpractical.com
Mon Apr 28 10:10:38 EDT 2008

On Apr 23, 2008, at 7:42 PM, Jay Kline wrote:
> Jesse Vincent wrote:
>> On Apr 23, 2008, at 5:12 PM, Jay Kline wrote:
>>> Our organization makes heavy use of S/MIME for signatures and  
>>> encryption
>>> of email, and we would like RT to indicate if a message is signed,  
>>> and
>>> has a valid signature.  I saw a few mentions of it in the  
>>> archives, but
>>> most are old or inconclusive.
>> We did a full integration for a client, but haven't found the cycles
>> to polish it for release just yet :/
> Would you be willing to share the patch, even if it dosnt get included
> in the release? It surely would be helpful :-)

"polish it for release" includes "remove customer-specific identifying  
details" which, as you might imagine, is relatively important ;)

>>> Related to this, we use these certs for client auth in web  
>>> browers, has
>>> anyone configured RT to use client certs for auth instead of  
>>> cookies, or
>>> HTTP auth?
>> RT has support for HTTP auth (say, using apache's support for certs)
>> as a flag in the config file.
> Yep, unfortunately this makes for  really ugly usernames, as Apache  
> sets
> the username to the full DN of the cert, we would ideally like to just
> use the CN, or map it to another name entirely (like the email  
> address).

That bit is easy. In your RT config file:

sub RT::Interface::Web::WebCanonicalizeInfo {
         my $user =$ENV{'REMOTE_USER'};
         $user =~ s/\@SITE.CORP//i;
         return $user;

> If its not really been done, Ill probably implement something using  
> the
> Cookie based external auth that is already out there.
> Jay

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20080428/c3973187/attachment.sig>

More information about the rt-users mailing list