Hi,
I am currently testing RT3 internally so that we can migrate our RT2 installs
over at some point. The install has been painless (thanks to
FreeBSD’s /usr/ports) But what has stimied me has been the new (to RT3)
rt-mailgate.
It looks like it does basically a HTTP post to the web interface, and since we
put our app server behind various auth mechanisms (mod_auth_kerb and
mod_auth_pgsql) it has no way to post any messages to the application server
via HTTPD. I have been scowering Google for more info on how RT3’s
rt-mailgate works to get around this, but to no avail…
So:
a) can it talk over https?
b) how does it talk to the application server? (Even with
$WebFallbackToInternalAuth defined, it still throws up “An Error Occurred
================= 401 Authorization Required”) Is there a user I need to
add, etc?
Thanks in advance for any tips you can provide…
Best Wishes - Peter
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | “The bits must flow”
Hi Pete,
The URL is passed to LWP::UserAgent so if you’ve got SSL support built into
your LWP (usually so) you can use https, as for auth you can use
username:password@host form of the URL.–On Thursday, June 03, 2004 16:39 -0700 Peter Losher Peter_Losher@isc.org wrote:
Hi,
I am currently testing RT3 internally so that we can migrate our RT2
installs over at some point. The install has been painless (thanks to
FreeBSD’s /usr/ports) But what has stimied me has been the new (to RT3)
rt-mailgate.
It looks like it does basically a HTTP post to the web interface, and
since we put our app server behind various auth mechanisms
(mod_auth_kerb and mod_auth_pgsql) it has no way to post any messages to
the application server via HTTPD. I have been scowering Google for
more info on how RT3’s rt-mailgate works to get around this, but to no
avail…
So:
a) can it talk over https?
b) how does it talk to the application server? (Even with
$WebFallbackToInternalAuth defined, it still throws up “An Error Occurred
================= 401 Authorization Required”) Is there a user I need
to add, etc?
Thanks in advance for any tips you can provide…
Best Wishes - Peter
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | “The bits must flow”
GPG/PGP → 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
The URL is passed to LWP::UserAgent so if you’ve got SSL support built into
your LWP (usually so) you can use https, as for auth you can use
username:password@host form of the URL.
Thanks!
So based on this - I should create a RTMail user in RT, complete w/ a “local”
password, and the ability to comment/reply to messages, and then change the
–url tag to something like “https://RTMail:f00bat@/rt3/”
How with that affect incoming messages - will it have any new tickets it
creates set the requestor to RTMail or the original email address of the
sender?
-Peter
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | “The bits must flow”
We had a similar issue. However, since rt-mailgate and Apache run on the same
host, and since no non-admin users have logins on the host, our solution was to
edit Apache’s config to bypass authentication for requests coming from
localhost.
The URL is passed to LWP::UserAgent so if you’ve got SSL support built into
your LWP (usually so) you can use https, as for auth you can use
username:password@host form of the URL.
Thanks!
So based on this - I should create a RTMail user in RT, complete w/ a “local”
password, and the ability to comment/reply to messages, and then change the
–url tag to something like “https://RTMail:f00bat@/rt3/”
Really, you should be configuring Apache to not require authentication
for /NoAuth/ and /REST/1.0/NoAuth
How with that affect incoming messages - will it have any new tickets it
creates set the requestor to RTMail or the original email address of the
sender?
The original email address of the sender.
The URL is passed to LWP::UserAgent so if you’ve got SSL support built
into your LWP (usually so) you can use https, as for auth you can use
username:password@host form of the URL.
Thanks!
NP
So based on this - I should create a RTMail user in RT, complete w/ a
“local” password, and the ability to comment/reply to messages, and then
change the --url tag to something like
“https://RTMail:f00bat@/rt3/”
How with that affect incoming messages - will it have any new tickets it
creates set the requestor to RTMail or the original email address of the
sender?
It won’t affect them at all you’re just getting past apache in this path –
anything under NoAuth is just that in RT… RT::Interface:
:Gateway()
is what is getting executed (essentially – acutally it’s the mason
mail-gateway /usr/local/rt3/share/html/REST/1.0/NoAuth/mail-gateway in
FreeBSD) and it makes a run by the guts of the
RT::Interface::Auth::MailFrom package in order to figure out the
Auth, so that path ignores your REMOTE_USER.
And yeah it’s a bit convoluted but it works 
Hope that answers your question.
-Peter
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | “The bits must flow”
GPG/PGP → 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
Really, you should be configuring Apache to not require authentication
for /NoAuth/ and /REST/1.0/NoAuth
And if I need to restrict it further, I can always restrict it to the hostname
of the server and/or localhost.
Thanks to all who responded - Peter
Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | “The bits must flow”