[rt-users] RT and Kerberos SSO

jm130794 jm130794 at gmail.com
Tue Oct 11 14:29:20 EDT 2011 

Le 11/10/2011 17:34, Kevin Falcone a écrit :
> On Mon, Oct 10, 2011 at 08:31:14AM +0200, jm130794 wrote:
>>     Hello,
>>
>>     I try to authenticate my users with Kerberos. In my RT_SiteConfig.pm, I have :
> Kerberos usually implies mod_auth_kerb, not RT::Authen::ExternalAuth.
>
>>     ...
>>
>>     My problem : now, I can't connect to RT (Web interface) with my account which is already
>>     created. I get this :
>>
>>     Error
>>     Cannot create user : Name in use
> What's in your error logs?  Make sure you turn your logging up to debug.
>
> -kevin
>
>
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> *  San Francisco, CA, USA --- October 18&  19, 2011
> *  Washington DC, USA --- October 31&  November 1, 2011
> *  Barcelona, Spain --- November 28&  29, 2011
Hello,

I use mod_auth_kerb to authenticate users. I also have a LDAP server to 
store my users  informations(email, gecos, ...).

In Apache configuration, I have :

<Location />
         SetHandler perl-script
         PerlResponseHandler RT::Mason
         AuthType Kerberos
         AuthName "RT Kerberos Login"
         Krb5Keytab /etc/apache2/apache2_krb5.keytab
         KrbMethodNegotiate On
         KrbMethodK5Passwd On
         KrbAuthRealms UNIV-FCOMTE.FR
         KrbServiceName Any
         KrbVerifyKDC Off
         KrbAuthoritative Off
         KrbSaveCredentials On
    #KrbLocalUserMapping On
    #Doesn't work for me ! ==> I remove @univ-fcomte.fr in 
local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
         require valid-user
</Location>


log's contents after having tried me to log into RT :

[Tue Oct 11 18:23:10 2011] [debug]: ENTRE DANS CanonicalizeUserInfo: 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:434)
[Tue Oct 11 18:23:10 2011] [debug]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo called by RT::User 
/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/User_Vendor.pm 20 
with: Disabled: 0, EmailAddress: , Gecos: jmcarica at univ-fcomte.fr, Name: 
jmcarica at univ-fcomte.fr, Privileged: 1 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:453)
[Tue Oct 11 18:23:10 2011] [debug]: Attempting to get user info using 
this external service: LDAP_DEPTINFO_ST 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:464)
[Tue Oct 11 18:23:10 2011] [debug]: Attempting to use this 
canonicalization key: Name 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:478)
[Tue Oct 11 18:23:10 2011] [debug]: LDAP Search ===  Base: 
ou=people,dc=univ-fcomte,dc=fr == Filter: 
(&(objectClass=posixAccount)(uid=jmcarica)) == Attrs: 
cn,mail,uid,gecos,uid 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:195)
[Tue Oct 11 18:23:10 2011] [info]: 
RT::Authen::ExternalAuth::CanonicalizeUserInfo returning Disabled: 0, 
EmailAddress: jean-michel.caricand at univ-fcomte.fr, ExternalAuthId: 
jmcarica, Gecos: jmcaricand, Name: jmcarica, Privileged: 1, RealName: 
caricand jean-michel 
(/opt/rt3/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:542)
[Tue Oct 11 18:23:11 2011] [debug]: RT's GnuPG libraries couldn't 
successfully read your configured GnuPG home directory 
(/opt/rt3/var/data/gpg). PGP support has been disabled 
(/opt/rt3/bin/../lib/RT/Config.pm:339)
[Tue Oct 11 18:23:11 2011] [debug]: RT's GnuPG libraries couldn't 
successfully read your configured GnuPG home directory 
(/opt/rt3/var/data/gpg). PGP support has been disabled 
(/opt/rt3/bin/../lib/RT/Config.pm:339)



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20111011/f7912bca/attachment.htm>

More information about the rt-users mailing list