[rt-users] R: Custom authentication script fails with > ExternalAuthPriority not defined, please check your configuration file

Scotto Alberto al.scotto at reply.it
Wed Jan 2 18:44:09 EST 2013


Yep! That's something I was mumbling about.

Thanks to you, I've just given it a try.
It's not that easy peasy: REST returns 200 even if you are not authenticated. But you can deduce if you have been auth'd from the HTML page you get, searching for 'span id="not-logged-in" ', for example.

What about the security point of view of the two methods of auth (my script vs REST)?
Assuming RT is reachable via https, can it be any worse than executing a script via ssh?

________________________________________
Da: Christian Loos [cloos at netsandbox.de]
Inviato: mercoledì 2 gennaio 2013 23.10
A: Scotto Alberto
Cc: rt-users at lists.bestpractical.com
Oggetto: Re: Custom authentication script fails with > ExternalAuthPriority not defined, please check your configuration file

Hi,

why not just call in you PHP app
https://your-rt-server-url/REST/1.0/
with user and pass as post parameter and check the first line of the
response for the status
* "200 Ok" = successful login
* "401 Credentials required" = not successful login


Chris


Am 20.12.2012 12:56, schrieb Scotto Alberto:
> Hi all,
>
>
>
> I’m writing a PHP application (a cloud self-service application that
> lets developers create testing environments and so on) for the company
> where I also installed RT. For the authentication part, I thought to
> authenticate users against RT, since the users of my PHP app are a
> subset of RT’s users.
>
> So, I’m down to writing a script (attached) that authenticates a user
> against RT, to be called from a PHP script.
>
> On RT I have RT-Authen-ExternalAuth that connects to LDAP.
>
> So in my perl script I’ve had to make two tries: first
> RT::Authen::ExternalAuth::DoAuth (for domain users); then, if it fails,
> $user->IsPassword($pass) (for local users).
>
> The problem is with RT::Authen::ExternalAuth::DoAuth; instead, the auth
> of local users with IsPassword always works.
>
> If I execute the script as root, it goes smooth.
>
> But for security reasons I want to execute it as another user (I created
> the Unix user “selfservice”, as well as the RT user “selfservice”).
> Executing the script as this Unix user, DoAuth fails with the following
> message:
>
>
>
> /ExternalAuthPriority not defined, please check your configuration file./
>
>
>
> What am I missing?
>
>
>
> Thank you very much!
>
>
>
> Regards
>
>
>
> Alberto Scotto
>





Alberto Scotto

Blue Reply
Via Cardinal Massaia, 83
10147 - Torino - ITALY
phone: +39 011 29100
al.scotto at reply.it
www.reply.it


________________________________

--
The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.



More information about the rt-users mailing list