[rt-users] Pubcookie, RT 3.8.0, cookies getting mangled?

Richmond, Raymond raymond.richmond at ualberta.ca
Mon Jul 28 20:40:33 EDT 2008

Ok, after playing around for a while more I am at a state where it
appears pubcookie detects that I have no cookie, redirects me to the
login server, cookie is set, browser is redirected back to my rt server,
pubcookie can see a session cookie and then I get dropped to the rt
login page.  It seems rt is mangling something once I get redirected
back (perhaps due to me mangling something in config).  Debian etch,
apache2, mod_fastcgi, rt 3.8.0

First is there a page inside RT I can look at to see what it thinks the
Apache Variables being presented are?  When I go to a test-site the
authentication sets up the REMOTE_USER as I expect but I want to be sure
in this site it is correct.  

Second I include my Virtualhost config and RT_Siteconfig for
scrutiny/mocking. J


<VirtualHost *:443>

        ServerAdmin nos at ualberta.ca


        ServerName myfqdn.com


        ErrorLog /var/log/apache2/nosticket-error

        CustomLog /var/log/apache2/nosticket-access_log common

        LogLevel debug


        SSLEngine on

        SSLCertificateFile /etc/ssl/certs/myfqdn.com.crt

        SSLCertificateKeyFile /etc/ssl/private/myfqdn.com.key


       DocumentRoot /usr/local/encap/rt-3.8.0/share/rt3/html



        PubcookieSessionKeyFile /etc/ssl/private/server.key

        PubcookieSessionCertFile /etc/ssl/certs/nosticket.crt

        PubcookieKeyDir /usr/local/pubcookie/keys/

        PubcookieLogin https://weblogin.mydomain.com/

        PubcookieLoginMethod POST

        PubcookieAuthTypeNames NETID

        PubCookiePostURL /index.html


        AddHandler fastcgi-script fcgi

        ScriptAlias / /usr/local/encap/rt-3.8.0/bin/mason_handler.fcgi/


        <Directory "/">

                Options FollowSymLinks

                AllowOverride AuthConfig



        <Directory "/usr/local/encap/rt-3.8.0/share/rt3/html">

                Options Indexes FollowSymLinks MultiViews

                AllowOverride AuthConfig

                AuthType NETID

                Require group NetOps

                AuthGroupFile /etc/apache2/sites-available/nos-groupfile



        <Location /*>

                AddDefaultCharset UTF-8

                SetHandler fastcgi-script

                AuthType NETID

                AuthName NetOpsRT

                Require group NetOps

                AuthGroupFile /etc/apache2/sites-available/nos-groupfile


        <Location /NoAuth >

                satisfy any

                AuthType none

                order deny,allow

                allow from all







Set($rtname , "myrtname");

Set($Organization , "myorg");

Set($Timezone , 'Canada/Mountain');


Set($DatabaseHost   , 'mydbfqdn.com');

Set($DatabaseUser , 'nos');

Set($DatabasePassword , 'rtsucks');

Set($DatabaseName , 'nosticket');


Set($OwnerEmail , 'richmond at ualberta.ca');


Set($WebBaseURL, 'https://myfqdn.com');

Set($WebPort, '443');

Set($WebImagesURL, $WebURL.'/NoAuth/images/');

Set($WebSecureCookies, 1);


Set($LogToSyslog    , undef);

Set($LogToScreen    , 'error');

Set($LogToFile      , 'debug');

Set($LogDir, '/var/log/rt3');

Set($LogToFileNamed , "rt.log");    #log to rt.log


Set($WebExternalAuth , 1);

Set($WebFallbackToInternalAuth, true);

Set($WebExternalAuto, 0);






Raymond Richmond                    phone:(780)492-9327

Team Lead, Network Operations Group fax:(780)492-1729

AICT             email:raymond.richmond at ualberta.ca


103A General Services Building

Edmonton, Alberta

Canada T6G 2H1


Omnia mutantur nihil interit


This communication is intended for the use of the recipient to which it
is addressed, and may contain confidential, personal, and/or privileged
information.  Please contact us immediately if you are not the intended
recipient of this communication.  If you are not the intended recipient
of this communication, do not copy, distribute, or take action on it.

Any communication received in error, or subsequent reply, should be
deleted or destroyed.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20080728/68130609/attachment.htm>

More information about the rt-users mailing list