[rt-users] RT 4.0.4 behind Apache Reverse Proxy with mod_auth_kerb

Mon Sep 2 09:14:21 EDT 2013

Hi all,

we have successfully setup RT 4.0.4 with ldap_import and mod_auth_kerb. Now we need to get the setup running through our reverse proxy.

What we have on our reverse proxy is this:

ProxyPass        /rt/             http://hostname.local/rt/ max=100
ProxyPassReverse /rt/             http://hostname.local/rt/

        RedirectMatch ^/$ /rt/

        # Proxy all locations
        <Proxy *>
                AddDefaultCharset off
                Order deny,allow
                Deny from none
        </Proxy>

        <Location /rt>
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbAuthRealms KRB5.LOCAL
        Krb5KeyTab /etc/apache2/host.keytab
        KrbMethodNegotiate on
        KrbAuthoritative on
        KrbMethodK5Passwd off
        KrbSaveCredentials on
        require valid-user

        # SSO
        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)$
        RewriteRule . - [E=RU:%1]
        RequestHeader set REMOTE_USER %{RU}e

        </Location>

Running tcpdump we can see that REMOTE_USER is set and send to the host hosting RT. It looks like RT is not picking it up. As far as I understood is that my user gets authenticated at the proxy and RT should trust these credentials and log in the user.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130902/fe313c1c/attachment.htm>