RT External Authenticated user permission

Jin_Fang · August 17, 2010, 5:42pm

Hello,

I am very new to RT and just finished setting up RT(3.8) working with external pubcookie authentication.
So the user will be created automatically and logged into self service after passing the authentication with our pubcookie server.
However, I am not be able to grant and manage user permission/privilege as I can’t log into RT as root user any more(because
pubcookie server doesn’t store RT root user information).

How can I proceed with all the administrative task?

Thanks
Jin

Konstantin_Khomoutov · August 17, 2010, 6:09pm

I am very new to RT and just finished setting up RT(3.8) working with
external pubcookie authentication. So the user will be created
automatically and logged into self service after passing the
authentication with our pubcookie server. However, I am not be able
to grant and manage user permission/privilege as I can’t log into RT
as root user any more(because pubcookie server doesn’t store RT root
user information).

How can I proceed with all the administrative task?
I asked almost the same question on the IRC recently (we’re using
external web auth via winbind), and Kevin Falcone offered a solution:
create another virtual host serving the same RT instance and turn off
mandatory authentication for it. That worked for me.
That is, we have “rt.domain.local” as the “worker” virtual host, on
which mandatory authentication via web server is turned on, users are
auto-created so it has the problem you stated, and
“rt-admin.domain.local” as the “administrative” virtual host which has
web authentication turned off and hence permits “normal” logons.

Jin_Fang · August 19, 2010, 2:56pm

This is awesome and solves my problem!
Thanks!
Jin-----Original Message-----
From: Konstantin Khomoutov [mailto:kostix@77msk.ru]
Sent: Tuesday, August 17, 2010 2:10 PM
To: Jin Fang
Cc: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] RT External Authenticated user permission

On Tue, 17 Aug 2010 13:42:16 -0400 Jin Fang jin.fang@utoronto.ca wrote:

I am very new to RT and just finished setting up RT(3.8) working with
external pubcookie authentication. So the user will be created
automatically and logged into self service after passing the
authentication with our pubcookie server. However, I am not be able
to grant and manage user permission/privilege as I can’t log into RT
as root user any more(because pubcookie server doesn’t store RT root
user information).

How can I proceed with all the administrative task?
I asked almost the same question on the IRC recently (we’re using
external web auth via winbind), and Kevin Falcone offered a solution:
create another virtual host serving the same RT instance and turn off
mandatory authentication for it. That worked for me.
That is, we have “rt.domain.local” as the “worker” virtual host, on
which mandatory authentication via web server is turned on, users are
auto-created so it has the problem you stated, and
“rt-admin.domain.local” as the “administrative” virtual host which has
web authentication turned off and hence permits “normal” logons.