[rt-users] login via html-form (username/password) and WebExternalAuth side-by-side

Kevin Falcone falcone at bestpractical.com
Tue Nov 11 14:19:06 EST 2014


On Tue, Nov 11, 2014 at 12:45:41PM +0100, Luca Mazzaferro wrote:
> I want to give my users the possibility to login to rt through an
> SSO-mechanism (here: kerberos).
> It works fine if I require a Kerberos -ticket in through apache2.
> However, I would like to either have the people type their username /
> password in the HTML-Login form
> or click a button to login with the Kerberos ticket.

I'd suggest either two Virtual Hosts, one which does the kerberos
tickets, or one domain using Satisfy so that people without kerberos
tickets drop through to RT's login.

Have you reviewed 
http://bestpractical.com/docs/rt/latest/authentication
Your technique of copying and fiddling with Login.html seems much more
complicated that it's needed to be for anyone that we've set this up
for before.  Most of the time folks just have a button on the normal
login page that runs them off to the shib or kerb auth points and then
back again and then RT notices you have REMOTE_USER and you're good to
go.

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 221 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20141111/f46c5431/attachment.pgp>


More information about the rt-users mailing list