External auth

jesse> I’ll ponder this. Do people who want an external authentication
jesse> mechanism want it in addition to rt internal authentication or instead
jesse> of it? Additionally, will all users use the external mechanism or
jesse> only some users?

I have two installations (in two places), both would benefit from external
authentication.

One installation would strongly prefer all users to use the external
system.

The other installation could live with all users external, but it would be
slightly easier to have a mixture. If the mixture option is harder, we’d
gladly forgo that for the capability to do external auth.

jesse> I’ll ponder this. Do people who want an external authentication
jesse> mechanism want it in addition to rt internal authentication or instead
jesse> of it? Additionally, will all users use the external mechanism or
jesse> only some users?

I have two installations (in two places), both would benefit from external
authentication.

External authentication would be good here, too -- we're already
using kerberos inside of apache-ssl, so it'd make sense for any 
web-based applications running on that server to use the same 
form of authentication.

J.D. Falk "Laughter is the sound
Product Manager that knowledge makes when it’s born."
Mail Abuse Prevention System LLC – The Cluetrain Manifesto

-----BEGIN PGP SIGNED MESSAGE-----

ok, I think I just need another pair of eyes to look at this, I dunno wtf I’m
doing wrong…

When I access webrt, I get prompted by the web server to log in, punch in my
login and pw from radius, and it lets me through… right to the web rt
screen where you put in your username and pw.

grep -i ‘^[^#].*webextern’ RT_Config.pm

Set($WebExternalAuth , “true”);
Set($WebExternalGecos , undef);
Set($WebExternalAuto , undef);

<VirtualHost 192.168.1.231>
ServerName rt.andy.gwi
DocumentRoot /opt/rt3/share/html
AddDefaultCharset UTF-8
AddRadiusAuth radiusserver:1812 xxxxxsnipxxxxx

## this line applies to Apache2+mod_perl2 only
#PerlModule Apache2 Apache::compat

PerlModule Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl

<Location />
    SetHandler perl-script
    PerlHandler RT::Mason
</Location>


<Directory /opt/rt3/share/html/>
    AuthRadiusAuthoritative on
    AuthRadiusCookieValid 480
    AuthName "WebRT"
    AuthType Basic

    AuthGroupFile /usr/local/etc/apache/auth/webrt.group
    AuthUserFile /usr/local/etc/apache/auth/webrt.auth

    require group gwi
    Options FollowSymLinks +Includes ExecCGI MultiViews
    AllowOverride AuthConfig Limit
</Directory>

Running rt-3.0.0, apache-1.3.27, freebsd 4.7…

Andy Harrison
Great Works Internet
System Operations
ajharrison@gwi.net
RSA 1024 pgp key: http://www.nachoz.com/andy.pub

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQCVAwUBPoNI6lPEkLgodAWVAQHNmQP+LPP+vD5+pa+Gqm8+HT751BO8CqWoVd4C
efdh/mu9KpE3TBbhT6NYqu7BZ4f3giWYprurPSKf8V4ngl1rmtpea61F2+P63PJ/
j/Et9Lcwu1Gh3OpupkcIL7EKuxocns0huu51OKcLCBFl6OkqJOPqXd1PEeVln5e/
tCJfAlll4LM=
=jVNA
-----END PGP SIGNATURE-----