I’d very much love to see these patches.
Turns out it is too simple for a patch.
Just add the following to ‘/usr/bin/rt’:
use LWP::Authen::Negotiate;
It is a plugin to LWP and the LWP::UserAgent will use it automatically
as needed.
I have tested it and it works well. All the normal single sign on
goodness and convenience.
I just have one line in my ~/.rtrc
$ cat .rtrc
server
$ rt ls “Subject like ‘tax’”
21: Get 2005 taxes done
My Apache server is using mod_auth_kerb to authenticate access to RT.
I believe that LWP::Authen::Negotiate will be uploaded to CPAN within
the next two days. It has one other dependency.
Dax Kelson
Guru Labs
I just have one line in my ~/.rtrc
$ cat .rtrc
server
It turns out that if you have no .rt_sessions file then you will get
prompted for a password (which you can just press on).
To avoid the password prompt, have two lines in your ~/.rtrc:
server Your-RT-URL
passwd ‘’
Works great.
Dax Kelson
Guru Labs
use LWP::Authen::Negotiate;
As of today, the required perl modules are now on CPAN.
LWP::Authen::Negotiate 0.05 or higher
GSSAPI 0.18 or higher
I’ve tested and it works great.
Dax Kelson
Guru Labs
Is anyone using LWP::Authen::Negotiate with RT 5?
I tried as the poster suggested (from way back in '06) to add the include to rt-server but that didn’t make a lick of difference, in addition setting did no help -
Set( $WebExternalAuth, 1 );
Set( $WebExternalAuto, 1 );
Set( $WebExternalGecos, undef );
Actually nevermind, I found this URL and this explains exactly what you need to do… There’s lines in ExternalAuth.pm that need to be patched to make GSSAPI less commonly known as $_SERVER[‘AUTH_TYPE’] = Negotiate work correctly.
https://rt-wiki.bestpractical.com/wiki/Kerberos_SSO_with_Active_Directory_Integration
It would be really nice if this was integrated with the product but for now I created a copy of the patched lib under the “local” directory prefix.