Http authentication

Hi,

According to the RT features page, RT can “use your web server’s
existing authentication system” which I presume for Apache, it’s the
basic HTTP auth. Can anyone tell me how to do that rather than use
the RT database to grant user access?

Thanks,
Shuying

rt-users-bounces@lists.bestpractical.com wrote:

Hi,

According to the RT features page, RT can “use your web
server’s existing authentication system” which I presume for
Apache, it’s the basic HTTP auth. Can anyone tell me how to
do that rather than use the RT database to grant user access?

This isn’t actually documented in a useful way. :slight_smile:

Basically you set this in RT_SiteConfig.pm:

Set($WebExternalAuth , 1);

You will then want to deal with this issue:

http://wiki.bestpractical.com/index.cgi?FAQ

Q: I use WebExternalAuth to authenticate my users. When I turn it on
E-Mail to queues stop working with a “401 Authorization Required” error.
How can I make the mail gateway authenticate to the web server?

A: Turn off the authentication requirement for all “NoAuth” directories.
For Apache edit the server-wide httpd.conf file and add the folloing in
RT’s VirtualHost section (change the “/opt/rt3” to point to your
installation):

<Directory /opt/rt3/share/html/REST/1.0/NoAuth>
SetHandler perl-script
PerlHandler RT::Mason
satisfy any
allow from all

<Directory /opt/rt3/share/html/NoAuth>
SetHandler perl-script
PerlHandler RT::Mason
satisfy any
allow from all

Basically the “satisfy any” and “allow from all” directives ensure
that the NoAuth directories don’t get hit with authentication. Given
that the RT mail gateway works over HTTP this is important.

At that point, RT will bypass the authentication screen and treat
$REMOTE_USER as an RT user. If you create an RT user account for them
with privileges, then they can do stuff in RT, but their RT password is
ignored.

I haven’t done this yet, so YMMV. :slight_smile:

-brian