wes at ren-isac.net
Mon Oct 3 16:27:18 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
has anyone had any success with RT 3.8.8+ and mod_auth_tkt?
something changed between 3.8.4 and 3.8.8 that fails to allow the auth_tkt cookie to be passed through and I can't quite figure out what it is. RT::ExternalAuth:: assumes you already have the cookie, but i'm guessing some security fix somewhere dis-allows a cross-site cookie from being planted when you wrap:
It works if the cookie is already set, but not if this is the handler that's setting the cookie (tested and works a-OK with the default apache handler).
I've been ripping through the interface handler code and i'm sure i'm missing something stupid here, just getting a bit blurry.
any insight greatly appreciated.
soc at ren-isac.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
-----END PGP SIGNATURE-----
More information about the rt-users