Dave Sill wrote:
OK… So how does one make auth_pam work with RT?
-Dave
You should be able to piece it together from the docos on the RT Wiki,
but to save you some trouble, and because the relevant sections of the
wiki can be confusing, here is what I did on FreeBSD 5.4. I’m using
FastCGI, because I’m running Apache 2. Here is the relevant section of
my httpd.conf
Request Tracker Web Interface Settings
DocumentRoot “/usr/local/rt3/share/html/”
FastCgiIpcDir /tmp
FastCgiServer /usr/local/rt3/bin/mason_handler.fcgi -idle-timeout 60
-processes 5
AddHandler fastcgi-script fcgi fcgi fgi
AddDefaultCharset UTF-8
SetHandler fastcgi-script
<Directory / >
AuthType Basic
AuthName “Domain”
AuthPAM_Enabled on
require valid-user
Order deny,allow
AllowOverride All
Options ExecCGI FollowSymLinks
For No-Auth testing (comment above Auth )
Order allow,deny
Allow from All
Alias /NoAuth/images/ /usr/local/rt3/share/html/NoAuth/images/
<Location /NoAuth/images >
SetHandler default-handler
ScriptAlias / /usr/local/rt3/bin/mason_handler.fcgi/
Alias /NoAuth/ /usr/local/rt3/share/html/NoAuth/
<Location /NoAuth >
satisfy any
allow from all
Alias /REST/1.0/NoAuth/ /usr/local/rt3/share/html/REST/1.0/NoAuth/
<Location /REST/1.0/NoAuth >
satisfy any
allow from all
You may also have to tell PAM what to do about Apache.
Here is my /etc/pam.d/httpd file:
auth
auth required pam_nologin.so no_warn
auth sufficient /usr/local/lib/pam_ldap.so
auth sufficient pam_opie.so no_warn
no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth required pam_unix.so no_warn
try_first_pass
account
account sufficient /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_unix.so
session
session required pam_permit.so
password
password required pam_unix.so no_warn
try_first_pass
Perfection is just a word I use occasionally with mustard.
–Atom Powers–
Systems Administrator
DigiPen Institute of Technology
(425) 895-4443