Combining Apache Auth with RT:Authen:External overlays

Hi,

            I've been trying to get this to work for a bit, but am not having any luck.

o What I would like is to use Apache authentication via LDAP, so that all the apps on our server running RT are using the same auth system.

o Then I would like to use an LDAP overlay so that users are driven with current information from our LDAP system.

So far, I’ve had RT-Authen-ExternalAuth working, but not in combination with Apache Auth. RT External Auth works fine, but forces people to log in multiple times to the system,
once for Apache and once for RT. The way users are handled inside RT-Authen-ExternalAuth is excellent and ideal for my case.

Is there any way to tie this to Apache Basic Auth?

I would use an LDAP overlay, but all the docs seem to have been pulled from the wiki and now point back to the RT-Authen-ExternalAuth module.

I’m running the latest 3.8 RT with 0.08 RT-Authen-ExternalAuth.

My other option appears to be to use an SSO cookie auth system and protect my server that way and get RT-Authen-ExternalAuth to use the cookie. I was really trying to avoid this however as it is massive overkill, well IMO.

Thanks for your time,
Dave

1 Like

David,

Do you use some SingleSignOn solution? If it’s not the case then why
do you need apache auth at all?On Thu, Oct 8, 2009 at 4:51 AM, David Nillesen dnillese@une.edu.au wrote:

Hi,

            I’ve been trying to get this to work for a bit, but am not

having any luck.

o What I would like is to use Apache authentication via LDAP, so that all
the apps on our server running RT are using the same auth system.

o Then I would like to use an LDAP overlay so that users are driven with
current information from our LDAP system.

So far, I’ve had RT-Authen-ExternalAuth working, but not in combination with
Apache Auth. RT External Auth works fine, but forces people to log in
multiple times to the system,

once for Apache and once for RT. The way users are handled inside
RT-Authen-ExternalAuth is excellent and ideal for my case.

Is there any way to tie this to Apache Basic Auth?

I would use an LDAP overlay, but all the docs seem to have been pulled from
the wiki and now point back to the RT-Authen-ExternalAuth module.

I’m running the latest 3.8 RT with 0.08 RT-Authen-ExternalAuth.

My other option appears to be to use an SSO cookie auth system and protect
my server that way and get RT-Authen-ExternalAuth to use the cookie. I was
really trying to avoid this however as it is massive overkill, well IMO.

Thanks for your time,

Dave


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

Best regards, Ruslan.

For our area which is essentially the datacentre staff, we have a variety of applications, such as nagios, (hopefully) request tracker, a blog, wiki, fileshare etc etc all running of a single webserver that forms the “home” of our activities and documentation.

I’d like to reduce it to a single login to get on and move around freely.

Though even as I explain it, it is going to make more sense with an SSO solution. I might take another look at webauth. It’s one more thing to run, but may be simpler in total.

Thanks,
DaveFrom: Ruslan Zakirov [mailto:ruslan.zakirov@gmail.com]
Sent: Thursday, 8 October 2009 6:07 PM
To: David Nillesen
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Combining Apache Auth with RT:Authen:External overlays

David,

Do you use some SingleSignOn solution? If it’s not the case then why
do you need apache auth at all?

Got it. You want SSO. Probably it’s easy to fix in ExternalAuth extension.On Thu, Oct 8, 2009 at 2:12 PM, David Nillesen dnillese@une.edu.au wrote:

For our area which is essentially the datacentre staff, we have a variety of applications, such as nagios, (hopefully) request tracker, a blog, wiki, fileshare etc etc all running of a single webserver that forms the “home” of our activities and documentation.

I’d like to reduce it to a single login to get on and move around freely.

Though even as I explain it, it is going to make more sense with an SSO solution. I might take another look at webauth. It’s one more thing to run, but may be simpler in total.

Thanks,
Dave

-----Original Message-----
From: Ruslan Zakirov [mailto:ruslan.zakirov@gmail.com]
Sent: Thursday, 8 October 2009 6:07 PM
To: David Nillesen
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] Combining Apache Auth with RT:Authen:External overlays

David,

Do you use some SingleSignOn solution? If it’s not the case then why
do you need apache auth at all?

On Thu, Oct 8, 2009 at 4:51 AM, David Nillesen dnillese@une.edu.au wrote:

Hi,

            I’ve been trying to get this to work for a bit, but am not

having any luck.

o What I would like is to use Apache authentication via LDAP, so that all
the apps on our server running RT are using the same auth system.

o Then I would like to use an LDAP overlay so that users are driven with
current information from our LDAP system.

So far, I’ve had RT-Authen-ExternalAuth working, but not in combination with
Apache Auth. RT External Auth works fine, but forces people to log in
multiple times to the system,

once for Apache and once for RT. The way users are handled inside
RT-Authen-ExternalAuth is excellent and ideal for my case.

Is there any way to tie this to Apache Basic Auth?

I would use an LDAP overlay, but all the docs seem to have been pulled from
the wiki and now point back to the RT-Authen-ExternalAuth module.

I’m running the latest 3.8 RT with 0.08 RT-Authen-ExternalAuth.

My other option appears to be to use an SSO cookie auth system and protect
my server that way and get RT-Authen-ExternalAuth to use the cookie. I was
really trying to avoid this however as it is massive overkill, well IMO.

Thanks for your time,

Dave


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


Best regards, Ruslan.

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.421 / Virus Database: 270.14.7/2421 - Release Date: 10/07/09 20:49:00

Best regards, Ruslan.