Hi, http://www.gossamer-threads.com/lists/apache/dev/370306
On Wed, Sep 4, 2013 at 10:37 AM, Oliver Weinmann < oliver.weinm...@telespazio-vega.de> wrote: > Hi,**** > > ** ** > > there are these settings in RT:**** > > ** ** > > # tells RT to use the REMOTE_USER provided by the web server**** > > Set($WebExternalAuth , 1);**** > > **** > > # tells RT to display its normal login screen if REMOTE_USER fails**** > > Set($WebFallbackToInternalAuth , 1);**** > > **** > > # tells RT to create users automatically if no user matching REMOTE_USER > is found**** > > Set($WebExternalAuto , 1);**** > > ** ** > > I have them all set except the last one as we use LDAPImport. So I would > expect RT to not drop the REMOTE_USER. Or is this obsolete?**** > > ** ** > > Best Regards,**** > > Oliver**** > > *From:* ruslan.zaki...@gmail.com [mailto:ruslan.zaki...@gmail.com] *On > Behalf Of *Ruslan Zakirov > *Sent:* Dienstag, 3. September 2013 21:47 > *To:* Oliver Weinmann > *Cc:* rt-users@lists.bestpractical.com > *Subject:* Re: [rt-users] RT 4.0.4 behind Apache Reverse Proxy with > mod_auth_kerb**** > > ** ** > > Hi,**** > > ** ** > > Why do you expect remote server where you host RT to respect REMOTE_USER > and not to drop it? If a web server would pass remotely provided > REMOTE_USER further to an app without additional configuration then we > wouldn't use it for authentication.**** > > ** ** > > On Mon, Sep 2, 2013 at 5:14 PM, Oliver Weinmann < > oliver.weinm...@telespazio-vega.de> wrote:**** > > Hi all,**** > > **** > > we have successfully setup RT 4.0.4 with ldap_import and mod_auth_kerb. > Now we need to get the setup running through our reverse proxy.**** > > **** > > What we have on our reverse proxy is this:**** > > **** > > ProxyPass /rt/ http://hostname.local/rt/ max=100**** > > ProxyPassReverse /rt/ http://hostname.local/rt/**** > > **** > > RedirectMatch ^/$ /rt/**** > > **** > > # Proxy all locations**** > > <Proxy *>**** > > AddDefaultCharset off**** > > Order deny,allow**** > > Deny from none**** > > </Proxy>**** > > **** > > **** > > <Location /rt>**** > > AuthType Kerberos**** > > AuthName "Kerberos Login"**** > > KrbAuthRealms KRB5.LOCAL**** > > Krb5KeyTab /etc/apache2/host.keytab**** > > KrbMethodNegotiate on**** > > KrbAuthoritative on**** > > KrbMethodK5Passwd off**** > > KrbSaveCredentials on**** > > require valid-user**** > > **** > > # SSO**** > > RewriteEngine On**** > > RewriteCond %{LA-U:REMOTE_USER} (.+)$**** > > RewriteRule . - [E=RU:%1]**** > > RequestHeader set REMOTE_USER %{RU}e**** > > **** > > </Location>**** > > **** > > Running tcpdump we can see that REMOTE_USER is set and send to the host > hosting RT. It looks like RT is not picking it up. As far as I understood > is that my user gets authenticated at the proxy and RT should trust these > credentials and log in the user.**** > > > > **** > > ** ** > > -- > Best regards, Ruslan. **** > -- Best regards, Ruslan.