Ok, after playing around for a while more I am at a state where it
appears pubcookie detects that I have no cookie, redirects me to the
login server, cookie is set, browser is redirected back to my rt server,
pubcookie can see a session cookie and then I get dropped to the rt
login page. It seems rt is mangling something once I get redirected
back (perhaps due to me mangling something in config). Debian etch,
apache2, mod_fastcgi, rt 3.8.0
First is there a page inside RT I can look at to see what it thinks the
Apache Variables being presented are? When I go to a test-site the
authentication sets up the REMOTE_USER as I expect but I want to be sure
in this site it is correct.
Second I include my Virtualhost config and RT_Siteconfig for
scrutiny/mocking. J
<VirtualHost *:443>
ServerAdmin nos@ualberta.ca
ServerName myfqdn.com
ErrorLog /var/log/apache2/nosticket-error
CustomLog /var/log/apache2/nosticket-access_log common
LogLevel debug
SSLEngine on
SSLCertificateFile /etc/ssl/certs/myfqdn.com.crt
SSLCertificateKeyFile /etc/ssl/private/myfqdn.com.key
DocumentRoot /usr/local/encap/rt-3.8.0/share/rt3/html
PubcookieGrantingCertFile
/usr/local/pubcookie/keys/pubcookie-granting.cert
PubcookieSessionKeyFile /etc/ssl/private/server.key
PubcookieSessionCertFile /etc/ssl/certs/nosticket.crt
PubcookieKeyDir /usr/local/pubcookie/keys/
PubcookieLogin https://weblogin.mydomain.com/
PubcookieLoginMethod POST
PubcookieAuthTypeNames NETID
PubCookiePostURL /index.html
AddHandler fastcgi-script fcgi
ScriptAlias / /usr/local/encap/rt-3.8.0/bin/mason_handler.fcgi/
<Directory "/">
Options FollowSymLinks
AllowOverride AuthConfig
</Directory>
<Directory "/usr/local/encap/rt-3.8.0/share/rt3/html">
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
AuthType NETID
Require group NetOps
AuthGroupFile /etc/apache2/sites-available/nos-groupfile
</Directory>
<Location /*>
AddDefaultCharset UTF-8
SetHandler fastcgi-script
AuthType NETID
AuthName NetOpsRT
Require group NetOps
AuthGroupFile /etc/apache2/sites-available/nos-groupfile
</Location>
<Location /NoAuth >
satisfy any
AuthType none
order deny,allow
allow from all
</Location>
RT_Siteconfig
Set($rtname , “myrtname”);
Set($Organization , “myorg”);
Set($Timezone , ‘Canada/Mountain’);
Set($DatabaseHost , ‘mydbfqdn.com’);
Set($DatabaseUser , ‘nos’);
Set($DatabasePassword , ‘rtsucks’);
Set($DatabaseName , ‘nosticket’);
Set($OwnerEmail , ‘richmond@ualberta.ca’);
Set($WebBaseURL, ‘https://myfqdn.com’);
Set($WebPort, ‘443’);
Set($WebImagesURL, $WebURL.‘/NoAuth/images/’);
Set($WebSecureCookies, 1);
Set($LogToSyslog , undef);
Set($LogToScreen , ‘error’);
Set($LogToFile , ‘debug’);
Set($LogDir, ‘/var/log/rt3’);
Set($LogToFileNamed , “rt.log”); #log to rt.log
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth, true);
Set($WebExternalAuto, 0);
1;
Raymond Richmond phone:(780)492-9327
Team Lead, Network Operations Group fax:(780)492-1729
AICT email:raymond.richmond@ualberta.ca
103A General Services Building
Edmonton, Alberta
Canada T6G 2H1
Omnia mutantur nihil interit
This communication is intended for the use of the recipient to which it
is addressed, and may contain confidential, personal, and/or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication. If you are not the intended recipient
of this communication, do not copy, distribute, or take action on it.
Any communication received in error, or subsequent reply, should be
deleted or destroyed.