[rt-users] Combining Apache Auth with RT:Authen:External overlays
Hi, I've been trying to get this to work for a bit, but am not having any luck. o What I would like is to use Apache authentication via LDAP, so that all the apps on our server running RT are using the same auth system. o Then I would like to use an LDAP overlay so that users are driven with current information from our LDAP system. So far, I've had RT-Authen-ExternalAuth working, but not in combination with Apache Auth. RT External Auth works fine, but forces people to log in multiple times to the system, once for Apache and once for RT. The way users are handled inside RT-Authen-ExternalAuth is excellent and ideal for my case. Is there any way to tie this to Apache Basic Auth? I would use an LDAP overlay, but all the docs seem to have been pulled from the wiki and now point back to the RT-Authen-ExternalAuth module. I'm running the latest 3.8 RT with 0.08 RT-Authen-ExternalAuth. My other option appears to be to use an SSO cookie auth system and protect my server that way and get RT-Authen-ExternalAuth to use the cookie. I was really trying to avoid this however as it is massive overkill, well IMO. Thanks for your time, Dave ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Combining Apache Auth with RT:Authen:External overlays
For our area which is essentially the datacentre staff, we have a variety of applications, such as nagios, (hopefully) request tracker, a blog, wiki, fileshare etc etc all running of a single webserver that forms the "home" of our activities and documentation. I'd like to reduce it to a single login to get on and move around freely. Though even as I explain it, it is going to make more sense with an SSO solution. I might take another look at webauth. It's one more thing to run, but may be simpler in total. Thanks, Dave -Original Message- From: Ruslan Zakirov [mailto:ruslan.zaki...@gmail.com] Sent: Thursday, 8 October 2009 6:07 PM To: David Nillesen Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Combining Apache Auth with RT:Authen:External overlays David, Do you use some SingleSignOn solution? If it's not the case then why do you need apache auth at all? On Thu, Oct 8, 2009 at 4:51 AM, David Nillesen wrote: > Hi, > > > > I’ve been trying to get this to work for a bit, but am not > having any luck. > > > > o What I would like is to use Apache authentication via LDAP, so that all > the apps on our server running RT are using the same auth system. > > o Then I would like to use an LDAP overlay so that users are driven with > current information from our LDAP system. > > > > So far, I’ve had RT-Authen-ExternalAuth working, but not in combination with > Apache Auth. RT External Auth works fine, but forces people to log in > multiple times to the system, > > once for Apache and once for RT. The way users are handled inside > RT-Authen-ExternalAuth is excellent and ideal for my case. > > > > Is there any way to tie this to Apache Basic Auth? > > > > I would use an LDAP overlay, but all the docs seem to have been pulled from > the wiki and now point back to the RT-Authen-ExternalAuth module. > > > > I’m running the latest 3.8 RT with 0.08 RT-Authen-ExternalAuth. > > > > My other option appears to be to use an SSO cookie auth system and protect > my server that way and get RT-Authen-ExternalAuth to use the cookie. I was > really trying to avoid this however as it is massive overkill, well IMO. > > > > Thanks for your time, > > Dave > > > > ___ > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users > > Community help: http://wiki.bestpractical.com > Commercial support: sa...@bestpractical.com > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com > -- Best regards, Ruslan. No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.421 / Virus Database: 270.14.7/2421 - Release Date: 10/07/09 20:49:00 ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] ExternalAuth 'environment' type
What happened to the ExternalAuth 'environment' type of authentication? Took me a while to work out it appears to have dissappeared between 0.08 and 0.09. I've cut'n'pasted the relevant 10 lines or so back into 0.09 on my RT 4.0.1 install and I'm off again. Does anyone know the rationale for it's removal? maybe I've done a bad thing? Thanks, Dave 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] ExternalAuth 'environment' type
> Running
>
> git diff 0.08..0.09 | grep -i environment
>
> in the rt-authen-externalauth git repo doesn't find me any results.
> Did you perhaps have a local mod?
>
> If you're referring to REMOTE_USER that's something that RT handles
> without an extension.
>
> -kevin
Wow, OK. Apparently I need to work on my documentation a bit more.
I've done this:
root@arty [PROD] /apps/rt/local/# diff
/apps/build/RT-Authen-ExternalAuth-0.09/lib/RT/Authen/ExternalAuth.pm
plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm
77a78,90
>
> #
> # Environment Check #
> #
> if ($config->{'type'} eq 'environment') {
> # Check for the appropriate environment variable and
> # trust it
> if (defined($config->{'name'})) {
> $RT::Logger->debug( "Retreiving environment variable
> ",$config->{'name'} );
> $username = $ENV{$config->{'name'}};
> $RT::Logger->debug( "username retrieved is \"$username\"" );
> }
> }
It adds configurable element for an environment variable that contains
a username to be trusted. From memory my plans were to use webauth
eventually via the apache module/plugin.
The only thing I can think of is that I liked the LDAP mapping
features of externalauth better then the core features.
Feel free to use the patch if you think it is in any way useful. My
apologies if I have copied it from someone else, but I honestly don't
remember how I got to this point :)
Cheers,
Dave
2011 Training: http://bestpractical.com/services/training.html
