External authorization in RT

Hello,

I’ve sucessfuly installed RT. It works perfect:-) Right now I’m trying to
configure RT with external authorization (Windows NT domain). I made some
changes in RT_Config.pm:

Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);

I’ve also made changes to httpd.conf:

<VirtualHost 10.107.10.3>
ServerAdmin mbiernacki@nodomain.com
DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8
ServerName helpdesk.nodomain.com
PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl

SetHandler perl-script
PerlHandler RT::Mason
PerlAuthenHandler Apache::AuthenNTLM
AuthType ntlm
require valid-user
PerlAddVar ntdomain "EDP PLWAWMPDC01"
PerlAddVar defaultdomain EDP
PerlAddVar fallbackdomain EDP
PerlSetVar ntlmsemkey 0
PerlSetVar splitdomainprefix 1

After these changes I can login into the web interface of RT. Unfortunately
I can not create new ticket using e-mail. The mail server tries to "login"
to the RT, but NTLM authentication is not supported.
Do you have any ideas or workaround?

Best regards
Michal

I think you can add next lines to prevent auth:

      <Location /NoAuth/>
              SetHandler perl-script
              PerlHandler RT::Mason
      </Location>

Biernacki, Michal wrote:

It doesn’t work:-/

Biernacki, Michal wrote:

It doesn’t work:-/

-----Original Message-----
From: Ruslan U. Zakirov [mailto:Ruslan.Zakirov@acronis.com]
Sent: Tuesday, September 21, 2004 4:58 PM
To: Biernacki, Michal
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] External authorization in RT

I think you can add next lines to prevent auth:

     <Location /NoAuth/>
             SetHandler perl-script
             PerlHandler RT::Mason
     </Location>

Biernacki, Michal wrote:

Hello,

I’ve sucessfuly installed RT. It works perfect:-) Right now

I’m trying

to configure RT with external authorization (Windows NT domain). I
made some changes in RT_Config.pm:

Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);

I’ve also made changes to httpd.conf:

<VirtualHost 10.107.10.3>
ServerAdmin mbiernacki@nodomain.com
DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8
ServerName helpdesk.nodomain.com
PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl

SetHandler perl-script
PerlHandler RT::Mason
PerlAuthenHandler Apache::AuthenNTLM
AuthType ntlm
require valid-user
PerlAddVar ntdomain "EDP PLWAWMPDC01"
PerlAddVar defaultdomain EDP
PerlAddVar fallbackdomain EDP
PerlSetVar ntlmsemkey 0
PerlSetVar splitdomainprefix 1

After these changes I can login into the web interface of RT.
Unfortunately I can not create new ticket using e-mail. The

mail server tries to “login”

to the RT, but NTLM authentication is not supported.
Do you have any ideas or workaround?

Best regards
Michal


Here’s my pertinent httpd.conf snippet. Hope it helps.

FastCgiIpcDir /var/run/httpd/fastcgi
FastCgiServer /usr/local/rt3/bin/mason_handler.fcgi -idle-timeout 3600
-processes 5
<VirtualHost *:1080>
ServerName pippin.middleearth.prv:1080
DocumentRoot /usr/local/rt3/share/html

AddHandler fastcgi-script fcgi
Alias /NoAuth/images/ /usr/local/rt3/share/html/NoAuth/images/
ScriptAlias / /usr/local/rt3/bin/mason_handler.fcgi/

SetHandler fastcgi-script
  AllowOverride None
  order allow,deny
  allow from all

  AuthName "Request Tracker"
  AuthType Kerberos        
  Krb5Keytab /etc/krb5.keytab
  KrbAuthRealms MIDDLEEARTH.PRV
  KrbSaveCredentials off
  KrbVerifyKDC off

  Require valid-user

<Location “/NoAuth”>
Satisfy Any
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
Allow from 127.0.0.1,172.16.1.27

<Location “/NoAuth/images”>
SetHandler default-handler

<Location “/REST/1.0/NoAuth”>
Satisfy Any
Options FollowSymLinks Indexes ExecCGI
AllowOverride None
Order deny,allow
Allow from 127.0.0.1,172.16.1.27