CLI and External Auth

The attached patch adds an “extauth” configuration option to the RT
environment, and the rtrc file, for folks using RT with ExternalAuth.

Adding “extauth basic” to your .rtrc file will cause the rt cli to send
credentials via HTTP basic authentication, instead of in the REST
request. Currently, only basic auth is supported.

Is there a better way to accomplish this? Comments welcome.

–Marc.

Marc “Muncus” Dougherty
Security Guerilla
Northeastern University
College of Computer and Information Science

extauth.diff (1.75 KB)

Putting the credentials in the URL will work today.

https://user:pass@host/

in your RT CLI config file.

On Fri, May 28, 2004 at 01:56:38PM -0400, Marc Dougherty wrote:

The attached patch adds an “extauth” configuration option to the RT
environment, and the rtrc file, for folks using RT with ExternalAuth.

Adding “extauth basic” to your .rtrc file will cause the rt cli to send
credentials via HTTP basic authentication, instead of in the REST
request. Currently, only basic auth is supported.

Is there a better way to accomplish this? Comments welcome.

–Marc.


Marc “Muncus” Dougherty
Security Guerilla
Northeastern University
College of Computer and Information Science

Index: rt.in

— rt.in (revision 976)
+++ rt.in (working copy)
@@ -49,6 +49,7 @@
server => ‘http://localhost/rt/’,
query => undef,
orderby => undef,

  •    extauth => undef,
    

    ),
    config_from_file($ENV{RTCONFIG} || “.rtrc”),
    config_from_env()
    @@ -751,7 +752,7 @@
    }

    Should we send authentication information to start a new session?

  • if (!defined $session->cookie) {
  • if (!defined $session->cookie and not $config{extauth} ) {
    push @$data, ( user => $config{user} );
    push @$data, ( pass => $config{passwd} || read_passwd() );
    }
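
Review bot: The new test `not $config{extauth}` skips the REST `user`/`pass` fields for any true value of `extauth`, but the block added in the hunk at line 766 only attaches credentials when the value is `basic`. A setting such as `extauth digest`, or a typo, would therefore send the request with no credentials at all and no message explaining why. Consider rejecting unsupported values when the config is loaded, or testing `lc($config{extauth}) eq 'basic'` here as well so that unknown values fall back to the REST login.
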
    @@ -765,6 +766,16 @@
    }
    $session->add_cookie_header($req);

  • External Auth.

  • if ($config{extauth}){

  •    #hold on to the passwd, in case we're in shell mode.
    
  •    $config{passwd} ||= read_passwd();
    
  •    if(lc($config{extauth}) eq 'basic'){
    
  •        $req->authorization_basic($config{user}, $config{passwd});
    
  •    }
    
  • }

  • Then we send the request and parse the response.

    DEBUG(3, $req->as_string);
    my $res = $ua->request($req);
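
Review bot: `$req->authorization_basic($config{user}, $config{passwd})` is applied whatever the scheme of the configured server is, and the default shown in the first hunk is `http://localhost/rt/`. Basic auth only base64-encodes the user and password, so against a plain http server they are readable on the network. Consider warning, or refusing, when `extauth` is set and the server URL is not https. The `DEBUG(3, $req->as_string)` that follows will also print the new Authorization header, so it is worth masking that header in debug output.
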
    @@ -1105,7 +1116,7 @@
    sub config_from_env {
    my %env;

  • foreach my $k (“DEBUG”, “USER”, “PASSWD”, “SERVER”, “QUERY”, “ORDERBY”) {
  • foreach my $k (“DEBUG”, “USER”, “PASSWD”, “SERVER”, “QUERY”, “ORDERBY”, “EXTAUTH”) {
    if (exists $ENV{“RT$k”}) {
    $env{lc $k} = $ENV{“RT$k”};
    }
    @@ -1156,7 +1167,7 @@
    chomp;
    next if (/^#/ || /^\s*$/);
  •        if (/^(user|passwd|server|query|orderby)\s+(.*)\s?$/) {
    
  •        if (/^(user|passwd|server|query|orderby|extauth)\s+(.*)\s?$/) {
               $cfg{$1} = $2;
           }
           else {
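
Review bot: The value captured by `(.*)\s?$` keeps trailing whitespace, because the greedy `.*` consumes it before the optional `\s` is tried, and `chomp` does not remove a carriage return from a file saved with CRLF line endings. The new `extauth` value is later compared with `eq 'basic'`, so a line such as `extauth basic ` with a trailing space would fail that comparison while still being true, which turns off the REST login without turning on Basic. Trimming the captured value, for example with `(.*?)\s*$`, avoids this.
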
    


Jesse Vincent wrote:

Putting the credentials in the URL will work today.

https://user:pass@host/

Realize that this is NOT secure since the URL is not encrypted when
sent to the server. If you're using https because you care about security
this may not be a good idea.

SteveN

Ignore that. Wrong protocol, SSL is at the socket level so it is
encrypted. Brains kinda turned off on a Friday.

SteveN

neruda@lithik.com wrote:

Realize that this is NOT secure since the URL is not encrypted when
sent to the server. If you're using https because you care about security
this may not be a good idea.

Realize also that this is a convention used within the LWP library. It
transforms the URL and yanks out the credentials into an HTTP header
before sending.
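
The convention described in the last message, as an added example that is not part of the original thread and is not LWP's own code: it moves the userinfo part of a URL into an `Authorization: Basic` header using the URI and HTTP::Request modules, then decodes the header to show that the value is encoded, not encrypted, so its protection comes from the https transport. The helper name `request_from_url`, the host `rt.example.com` and the credentials are constructed placeholders.

```perl
#!/usr/bin/perl
# Added illustration: credentials embedded in a URL end up in a Basic header.
use strict;
use warnings;
use URI;
use URI::Escape qw(uri_unescape);
use HTTP::Request;
use MIME::Base64 qw(decode_base64);

# Hypothetical helper: build the request a client would send for a URL that
# carries userinfo. Returns the HTTP::Request plus any operator warnings.
sub request_from_url {
    my ($url) = @_;
    my $uri = URI->new($url);
    my @warnings;

    my $userinfo = $uri->userinfo;
    $uri->userinfo(undef);    # the credentials do not stay in the request URL
    my $req = HTTP::Request->new(GET => $uri);

    if (defined $userinfo) {
        # Limit of 2 so that a ':' inside the password is preserved.
        my ($user, $pass) = map { uri_unescape($_) } split /:/, $userinfo, 2;
        $req->authorization_basic($user, defined $pass ? $pass : '');
        push @warnings,
            "Basic credentials over " . $uri->scheme . " are readable on the wire"
            unless $uri->scheme eq 'https';
    }
    return ($req, @warnings);
}

# Constructed sample URLs; host, user and password are placeholders.
for my $url ('https://alice:s3cret@rt.example.com/REST/1.0/',
             'http://alice:s3cret@rt.example.com/REST/1.0/') {
    my ($req, @warnings) = request_from_url($url);
    my $auth = $req->header('Authorization');
    my ($b64) = $auth =~ /^Basic (.+)$/;

    print "Request URL   : ", $req->uri, "\n";
    print "Authorization : $auth\n";
    # Anyone who can read the header can reverse the encoding.
    print "Decoded       : ", decode_base64($b64), "\n";
    print "WARNING       : $_\n" for @warnings;
    print "\n";
}
```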