WebExternal* and invisible users

I have a feeling that the answer to this question is buried in the documentation, but since I’ve failed to locate it here goes nothing.

RT4 is working great on my system, and I’m trying to hook it into our existing Kerberos infrastructure. Apache is happily handling the “Basic Auth over HTTPS” side of things, and I’ve set…

Set( $WebExternalAuth, 1 );
Set( $WebExternalAuto, 1 );
Set( $WebFallbackToInternalAuth, 1) ;

… in RT_SiteConfig.pm

My users can log in, and according to my poking around in the database they are being added to the “users” table. What I need to figure out now is:

a) how to “promote” my own account to be the equivalent of root
b) how to manipulate other accounts

When I disable WebExternalAuth and log in as root, none of the automatically-created accounts are visible. This makes it hard to change their settings! Interestingly even they can’t change their settings.

My use case is that I teach a number of university courses, and I’d like to have queues that correspond to different courses, assignments, etc. Students would be able to submit tickets (e.g. regrade requests, etc.) and my TAs would be assigned to work on the tickets. I want to do the absolute minimum administration, which is why the WebExternal* features look so promising.

I’ve assumed that my student would be non-staff users, and my TAs staff users, but I clearly haven’t figured out how to make that happen (or if that’s the right approach). Any suggestions would be most welcome!

Senior Lecturer in Engineering Design Education
Division of Engineering Science
University of Toronto