No subject


Thu Oct 13 11:38:50 EDT 2022


 # WEB_AUTH_MECHANISM defines what sort of authentication you'd like to use
 # for the web ui.  Valid choices are: "cookies" and "external".  Cookies
 # uses http cookies to keep track of authentication. External means that
 # you will have configured your web server to prompt for the user's
 # credentials and authenticate them before RT ever sees the request.
    
    $web_auth_mechanism = "external";


#######################################################################

I use mod_auth_pam with this, which is a drop-in replacement for mod_auth,
but which uses PAM instead of just /etc/passwd.  The advantage is that I
can use our distributed authentication system (Kerberos, via pam_krb5
etc).  The disadvantage is that I have no good way of expiring logins,
like one would if one were using cookies.  Because HTTP doesn't support
logouts, once someone logs in, they stay logged in until the browser is
closed.

My wishlist for RT would include the ability to do initial authentication
via external auth mechanisms, but to have RT generate and track
authentication cookies to enable session expiry/logouts.


--Joe
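
The hybrid described in the wishlist above, as an added example that is not part of the original post and is not RT code: the web server's external auth vouches for the user once, and the application then tracks its own expirable, revocable session. It assumes the server applies external auth only to the login URL (otherwise the browser keeps resending the credentials); the cookie name, timeouts and function names are hypothetical.

```python
import secrets
import time

IDLE_TIMEOUT = 30 * 60        # hypothetical policy: 30 minutes idle
MAX_LIFETIME = 8 * 60 * 60    # hypothetical policy: 8 hours absolute
_sessions = {}                # session id -> {"user", "created", "seen"}


def login(environ, now=None):
    """Run only behind the externally authenticated login URL.

    Trusts REMOTE_USER as set by the web server and returns a new
    random session id, or None if the server did not authenticate anyone.
    """
    user = environ.get("REMOTE_USER")
    if not user:
        return None
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user, "created": now, "seen": now}
    return sid


def cookie_header(sid):
    """Header that hands the session id to the browser."""
    return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"


def authenticate(sid, now=None):
    """Return the user for a live session; expire idle or over-age ones."""
    now = time.time() if now is None else now
    session = _sessions.get(sid)
    if session is None:
        return None
    idle = now - session["seen"] > IDLE_TIMEOUT
    too_old = now - session["created"] > MAX_LIFETIME
    if idle or too_old:
        del _sessions[sid]    # expired sessions are removed server-side
        return None
    session["seen"] = now     # sliding idle window
    return session["user"]


def logout(sid):
    """Server-side revocation: the cookie is useless after this call."""
    return _sessions.pop(sid, None) is not None
```
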








More information about the rt-users mailing list