AD/NT Authentication

I have managed to get Apache to Authenticate the RT site with the AD
server using Apache::AuthenSmb. (Thanks to Rick Rezinas for some hacks
to Smb.pm!) That only adds a second authentication to RT though. I’m
still getting the RT specific login screen. Can I tell it to use
Apache Authentication instead of it’s own somehow? I seem to remember
hearing this was possible, but haven’t been able to find information
in it through google or pushing around the wiki.

I expect it’s a setting somewhere. If it’s in a document, I’d prefer
to read my way through rather than waste you time. Just need a
pointer.

Thanks,
JSR/

make sure this is set in your RT SiteConfig file:

Set($WebExternalAuth , 1 );

rickOn Fri, 20 Feb 2004, Josiah Ritchie wrote:

I have managed to get Apache to Authenticate the RT site with the AD
server using Apache::AuthenSmb. (Thanks to Rick Rezinas for some hacks
to Smb.pm!) That only adds a second authentication to RT though. I’m
still getting the RT specific login screen. Can I tell it to use
Apache Authentication instead of it’s own somehow? I seem to remember
hearing this was possible, but haven’t been able to find information
in it through google or pushing around the wiki.

I expect it’s a setting somewhere. If it’s in a document, I’d prefer
to read my way through rather than waste you time. Just need a
pointer.

Thanks,
JSR/


rt-users mailing list
rt-users@lists.bestpractical.com
The rt-users Archives

Have you read the FAQ? The RT FAQ Manager lives at http://fsck.com/rtfm

Rick Rezinas
Unix Systems Administrator
Qsent, Inc.

When Gladstone was British Prime Minister he visited Michael Faraday’s
laboratory and asked if some esoteric substance called `Electricity’
would ever have practical significance.
“One day, sir, you will tax it,” was the answer.
– Science, 1994

Rick Rezinas scripted ::

make sure this is set in your RT SiteConfig file:

Set($WebExternalAuth , 1 );

That seemed to only work for users that I already have in the RT db.
You got me in the right place though. I found this and it finished it
all up.

Set($WebExternalAuto , 1);

Thanks for all your help Rick. You’ve been priceless getting this
thing running. :slight_smile: It would have taken me infinitely longer without
your help. I have one last thing with postfix, but I think I’ll take
that to the postfix list.

JSR/

Set($WebExternalAuth , 1 );

That seemed to only work for users that I already have in the RT db.
You got me in the right place though. I found this and it finished it
all up.

That’s correct, rt still needs to have its own concept of the
user. I’ve seen patches to make rt use an external user db, but I
tend to prefer having rt autocreate users as needed. There’s a setting
that controls whether rt autocreates authenticated web users, and an
overlayable function (in Interface/Web) that sets the user info.

seph

seph scripted ::

Set($WebExternalAuth , 1 );

That seemed to only work for users that I already have in the RT
db.> You got me in the right place though. I found this and it
finished it> all up.

That’s correct, rt still needs to have its own concept of the
user. I’ve seen patches to make rt use an external user db, but I
tend to prefer having rt autocreate users as needed. There’s a
setting that controls whether rt autocreates authenticated web users,
and an overlayable function (in Interface/Web) that sets the user
info.

Okay, so /opt/rt3/lib/RT/Interface/Web.pm is where I set default
permissions. I’m guessing that I want to set them when the user is
created in this subroutine (lines 162-192):

sub WebExternalAutoInfo {
my $user = shift;

my %user_info;

$user_info{'Privileged'} = 1;

if ($^O !~ /^(?:riscos|MacOS|MSWin32|dos|os2)$/) {
    # Populate fields with information from Unix /etc/passwd

    my ($comments, $realname) = (getpwnam($user))[5, 6];
    $user_info{'Comments'} = $comments if defined $comments;
    $user_info{'RealName'} = $realname if defined $realname;
}
elsif ($^O eq 'MSWin32' and eval 'use Net::AdminMisc; 1') {
    # Populate fields with information from NT domain controller
}

# and return the wad of stuff
return {%user_info};

}

}}}

I’m thinking if I new enough about perl I could pull what I want out
of User_Overlay to add into this and take care of it. Perhaps there is
a better way of doing this anyway. Any pointers or examples would be
appreciated. Thanks, JSR/