WebExternalAuth and no root for you

So I am trying to see if I can understand how to use WebExternalAuth.
In /etc/apache2/sites-available/default I have:

    DocumentRoot /var/www
    <Directory />
            Options FollowSymLinks
            AllowOverride None

            AuthType Kerberos
            AuthName "Kerberos Login"
            KrbAuthRealms DOMAIN.COM
            KrbServiceName HTTP
            Krb5Keytab /etc/apache2/krb5.keytab
            KrbMethodK5Passwd on
            KrbDelegateBasic on
            Require valid-user
    </Directory>

Then in RT_SiteConf.pm I added

    Set($WebExternalAuth , 1);
    Set($WebFallbackToInternalAuth , 1);
    Set($WebExternalAuto , 1);

When I try to login as the root user, I am told it does not exist in kerberos:

    [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115] krb5_get_init_creds_password() failed: Client not found in Kerberos database

Would anyone know why it is not checking if RT knows of this user
internally (as opposed to through kerberos)?

I suspect you need a Satisfy line in your apache config to allow it
through kerberos to the normal RT login screen.

-kevin

Thanks for the suggestion! I just tried "Satisfy any" and after
I restarted apache, I was able to login as root. Unfortunately I then
was not able to login as a kerberos user. In fact, it now cheerfully
ignores the TGT.

I know I am missing a step somewhere…
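
The behaviour reported in the last message matches Apache 2.2's `Satisfy` semantics: with `Satisfy any` and no `Order`/`Allow`/`Deny` restriction, every client passes the host check, so the server never sends a Kerberos challenge and RT falls back to its own login form. The check below is an added example, not code from the thread or from RT; it assumes Apache 2.2-style host access control, and the function names and the sample block are constructed here.

```python
# Added example: lint one Apache 2.2 container for the "Satisfy any" pitfall.
SAMPLE = """\
<Directory />
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms DOMAIN.COM
    Require valid-user
    Satisfy any
</Directory>
"""  # constructed: the thread's block, shortened, plus the "Satisfy any" that was tried


def directives(block):
    """Map lowercased directive name -> list of argument strings."""
    found = {}
    for line in block.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and the container tags
        parts = line.split(None, 1)
        found.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return found


def host_check_can_fail(d):
    """Heuristic: can any client fail the Order/Allow/Deny (host) check?"""
    order = (d.get("order") or ["deny,allow"])[-1].replace(" ", "").lower()
    allow_all = any(a.lower() == "from all" for a in d.get("allow", []))
    if order == "allow,deny":              # default state is deny
        return not allow_all or "deny" in d
    return "deny" in d and not allow_all   # deny,allow: default state is allow


def auth_outcome(block):
    """Classify when the container's Require is actually enforced."""
    d = directives(block)
    if "require" not in d:
        return "no-auth-configured"
    satisfy = (d.get("satisfy") or ["all"])[-1].lower()
    if satisfy != "any":
        return "auth-always-required"
    if host_check_can_fail(d):
        return "auth-only-for-hosts-failing-allow-deny"
    return "auth-never-requested"   # host check always passes, so no 401 is sent


if __name__ == "__main__":
    print(auth_outcome(SAMPLE))
```
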