On Mon, Nov 21, 2011 at 03:57:30AM -0500, Mauricio Tavares wrote: > So I am trying to see if I can understand how to use WebExternalAuth. > In /etc/apache2/sites-available/default I have: > > DocumentRoot /var/www > <Directory /> > Options FollowSymLinks > AllowOverride None > > AuthType Kerberos > AuthName "Kerberos Login" > KrbAuthRealms DOMAIN.COM > KrbServiceName HTTP > Krb5Keytab /etc/apache2/krb5.keytab > KrbMethodK5Passwd on > KrbDelegateBasic on > Require valid-user > </Directory> > > Then in RT_SiteConf.pm I added > > Set($WebExternalAuth , 1); > Set($WebFallbackToInternalAuth , 1); > Set($WebExternalAuto , 1); > > When I try to login as the root user, I am told it does not exist in kerberos: > > [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115] > krb5_get_init_creds_password() failed: Client not found in Kerberos > database > > Would anyone know why it is not checking if rt knows of this user > internally (as opposite to through kerberos)?
I suspect you need a Satisfy line in your apache config to allow it through kerberos to the normal RT login screen. -kevin
pgpwNA6VjIJau.pgp
Description: PGP signature
-------- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 & 29, 2011