[rt-users] Certificate based access instead of username/pw

Thomas Smith theitsmith at gmail.com
Mon Feb 21 15:21:13 EST 2011


On Mon, Feb 21, 2011 at 12:35 PM, Kevin Falcone
<falcone at bestpractical.com> wrote:

> On Mon, Feb 21, 2011 at 09:24:38AM +0100, Adrian Stel wrote:
> > I would like to change standard access to RT from username/pw to
> > certificate authorization. Is there any simple way to do that? Or
> > any additions to the RT?
>
> You should be able to have Apache do the auth and pass that along to
> RT.  For the RT config, you want to read about WebExternalAuth in
> RT_Config.pm
>

If you do this (WebExternalAuth) and you're in an AD or Kerberos/LDAP
environment, you may be able to use pass-through authentication (assuming
that your users are logging in with the same credentials that they use for
authentication to your servers).

http://modauthkerb.sourceforge.net/
http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html

I have mod_auth_kerb working in this manner, authenticating against AD (not
in RT, but in a different app served through Apache). I haven't tested
mod_auth_ldap yet, but it would only be necessary if you're looking to
authorize your clients (versus just authenticating them).
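
The arrangement suggested in this thread (Apache authenticates, RT trusts the result through WebExternalAuth), sketched for client certificates as an added example that is not part of the original messages. The hostname, file paths and CA name are placeholders, the RT handler lines are omitted, and the RT options other than WebExternalAuth are ones defined alongside it in RT_Config.pm rather than anything named in the posts.

```apache
# Constructed example: hostname, paths and CA file are placeholders.
<VirtualHost *:443>
    ServerName rt.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/rt.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/rt.example.com.key

    # Accept only client certificates issued by this CA. Use a CA that
    # issues user certificates only, not a public or general-purpose CA,
    # otherwise anyone holding a certificate from it can authenticate.
    SSLCACertificateFile  /etc/ssl/certs/internal-users-ca.pem
    SSLVerifyClient require
    SSLVerifyDepth  1

    # Optional: reject revoked certificates (CRL must be kept current).
    # SSLCARevocationFile /etc/ssl/crl/internal-users-ca.crl

    <Location />
        # Publish the certificate subject CN as REMOTE_USER. RT looks up
        # the user by this value, so the CN must equal the RT username.
        SSLUserName SSL_CLIENT_S_DN_CN
    </Location>

    # ... existing RT handler configuration (mod_perl or FastCGI) ...
</VirtualHost>

# Matching settings in RT_SiteConfig.pm (Perl, shown here as comments):
#
#   Set($WebExternalAuth, 1);            # trust REMOTE_USER from Apache
#   Set($WebFallbackToInternalAuth, 0);  # no password login as a bypass
#   Set($WebExternalAuto, 0);            # do not auto-create unknown users
#
# With fallback disabled, a request that reaches RT without REMOTE_USER
# is refused instead of being shown the username/password form.
```

Make sure RT is reachable only through this virtual host; any other listener or plain-HTTP vhost that serves RT without `SSLVerifyClient require` skips the certificate check entirely.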