WebExternalAuth in config.pm

RT Users
1

I’m trying to write a ticket using an external cgi program which
posts the necessary fields to $RT-Host://Tickets/Display.html
(I don’t need to view the ticket afterwards, I just want to post
it to RT)

I can successfully post to a test cgi-script this way, however I
seem to be having problems authenticating in RT…

I have tried setting “WebExternalAuth” in the config.pm file (and
restarted Apache), and setting $REMOTE_USER to a valid RT account,
but it is still failing…

can anyone help me on this?

appreciate your time,

  • Richard

Richard Fedoriuk
Build Manager
Rogers iMedia
Ph: (416) 642-4826
rfedoriuk@imedia.rogers.com

2

Richard,

Do you have your apache configured for external authentication as well? It
needs to have “require valid-user” or similar set as well as the auth
directives that come with it (AuthUserFile, etc.). Is the userid in the
AuthUserFile identical to the userid within RT? Last, the password in RT
and the password in your external system are mutually exclusive. One has
nothing to do with the other.

Regards,
Christian

3

Thanks for your suggestion Christian, but it seems that RT is
not performing system-authentication…

I tried setting Apache as you outlined unsuccessfully, unless
I’m muddling the config file (likely)… have you been successful
in configuring RT for external auth?

Further, whenever I set WebExternalAuth in config.pm, I am unable
to log into RT using the conventional browser interface, getting
a “You are not an authorized user” message in RT…

FYI, here is the config I’m using:

<VirtualHost 10.3.251.166>
DocumentRoot /opt/rt2/WebRT/html
ServerName localhost
PerlModule Apache::DBI
PerlFreshRestart On
PerlRequire /opt/rt2/bin/webmux.pl

 <Directory /opt/rt2/WebRT/html>
   AuthUserFile /opt/rt2/rtremote
   require valid-user
 </Directory>

 <Location />
  SetHandler perl-script
  PerlHandler RT::Mason
 </Location>

with the AuthUserFile containing the same password as that is used in
RT, this was generated using htpasswd (also it happens to be same passwd
as the system passwd for same user in this case), and $REMOTE_USER has
been set to the same user…

any other suggestions welcome, thanks again…

  • Richard

Richard Fedoriuk
Build Manager
Rogers iMedia
Ph: (416) 642-4826
rfedoriuk@imedia.rogers.comFrom: rt-users-admin@lists.fsck.com
[mailto:rt-users-admin@lists.fsck.com]On Behalf Of Christian Gilmore
Sent: Wednesday, December 05, 2001 5:30 PM
To: rfedoriuk@rnm.ca; ‘Rt-Users’
Subject: RE: [rt-users] WebExternalAuth in config.pm

Richard,

Do you have your apache configured for external authentication as well? It
needs to have “require valid-user” or similar set as well as the auth
directives that come with it (AuthUserFile, etc.). Is the userid in the
AuthUserFile identical to the userid within RT? Last, the password in RT
and the password in your external system are mutually exclusive. One has
nothing to do with the other.

Regards,
Christian

-----Original Message-----
From: rt-users-admin@lists.fsck.com
[mailto:rt-users-admin@lists.fsck.com]On Behalf Of Richard Fedoriuk
Sent: Wednesday, December 05, 2001 1:57 PM
To: Rt-Users
Subject: [rt-users] WebExternalAuth in config.pm

I’m trying to write a ticket using an external cgi program which
posts the necessary fields to $RT-Host://Tickets/Display.html
(I don’t need to view the ticket afterwards, I just want to post
it to RT)

I can successfully post to a test cgi-script this way, however I
seem to be having problems authenticating in RT…

I have tried setting “WebExternalAuth” in the config.pm file (and
restarted Apache), and setting $REMOTE_USER to a valid RT account,
but it is still failing…

can anyone help me on this?

appreciate your time,

  • Richard

Richard Fedoriuk
Build Manager
Rogers iMedia
Ph: (416) 642-4826
rfedoriuk@imedia.rogers.com

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

4

Richard,

Yes, I successfully use external authentication with RT. I actually use an
external LDAP instead of a local file, but the behavior on RT’s side
should be identical as this difference is at a lower layer.

<VirtualHost 10.3.251.166>
DocumentRoot /opt/rt2/WebRT/html
ServerName localhost
PerlModule Apache::DBI
PerlFreshRestart On
PerlRequire /opt/rt2/bin/webmux.pl

 <Directory /opt/rt2/WebRT/html>
   AuthUserFile /opt/rt2/rtremote
   require valid-user
 </Directory>

 <Location />
  SetHandler perl-script
  PerlHandler RT::Mason
 </Location>

Perhaps you submitted an abridged version of your configuration file, but
AuthName and AuthType are required directives.

$REMOTE_USER has been set to the same user…

How did you verify this variable’s setting?

Regards,
Christian

Christian Gilmore
Team Lead
Web Infrastructure & Tools
IBM Software Group

5

Hi Christian…

still plugging away here,

re: "… > ‘$REMOTE_USER has been set to the same user…’

 How did you verify this variable's setting?..."

this might be the crux… I setup an ‘env.pl’ script and ran it,
there is no “REMOTE_USER” listing in the result…

at first, I just set REMOTE_USER in the profiles for root and
nobody… d-uh that didn’t work… tried setting it using a
tag in httpd.conf… nope

any suggestions how this can be set? the AuthUserFile etc is working
at the browser level (with additions as you pointed out), but still
no access via my external cgi-script…

again, appreciate your help very much,

  • Richard
    Richard Fedoriuk
    Build Manager
    Rogers iMedia
    Ph: (416) 642-4826
    rfedoriuk@imedia.rogers.comFrom: rt-users-admin@lists.fsck.com
    [mailto:rt-users-admin@lists.fsck.com]On Behalf Of Christian Gilmore
    Sent: Thursday, December 06, 2001 4:05 PM
    To: rfedoriuk@rnm.ca
    Cc: ‘Rt-Users’
    Subject: RE: [rt-users] WebExternalAuth in config.pm

Richard,

Yes, I successfully use external authentication with RT. I actually use an
external LDAP instead of a local file, but the behavior on RT’s side
should be identical as this difference is at a lower layer.

<VirtualHost 10.3.251.166>
DocumentRoot /opt/rt2/WebRT/html
ServerName localhost
PerlModule Apache::DBI
PerlFreshRestart On
PerlRequire /opt/rt2/bin/webmux.pl

 <Directory /opt/rt2/WebRT/html>
   AuthUserFile /opt/rt2/rtremote
   require valid-user
 </Directory>

 <Location />
  SetHandler perl-script
  PerlHandler RT::Mason
 </Location>

Perhaps you submitted an abridged version of your configuration file, but
AuthName and AuthType are required directives.

$REMOTE_USER has been set to the same user…

How did you verify this variable’s setting?

Regards,
Christian

Christian Gilmore
Team Lead
Web Infrastructure & Tools
IBM Software Group

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

6

In the documentation under Start Page, it says the workspace “is where
information about queues and tickets are displayed. By default, the top 25
tickets you own and the top 25 tickets your [sic] have requested are
summarized here…”

How can I change that default such that all tickets in the system are
displayed?

I apologize if this is obvious. I’ve looked for it to no avail.

TIA.

Dave Hull

Nothing so needs reforming as other people’s habits.
– Mark Twain

7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Try looking in /WebRT/html/Elements/My*

I haven’t changed any of these myself, but this looks like where you’d do
it…On Monday 10 December 2001 03:04 pm, Dave Hull wrote:

In the documentation under Start Page, it says the workspace “is where
information about queues and tickets are displayed. By default, the top 25
tickets you own and the top 25 tickets your [sic] have requested are
summarized here…”

How can I change that default such that all tickets in the system are
displayed?

I apologize if this is obvious. I’ve looked for it to no avail.

TIA.

Dave Hull
http://insipid.com

Nothing so needs reforming as other people’s habits.
– Mark Twain

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

Josh Krikke krikke@macatwa.org
MacNet Sysadmin Holland, MI
GnuPG Fingerprint: AC6F 13AC F945 CC45 BDFC 509E 8F41 9549 64DD 95DB
My public key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x64DD95DB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8FSCdj0GVSWTdldsRApz3AJ9N4vHDCDTm7ref0bTkv95ZZ0J0oQCgiYlD
1rWPNurUqV5gsoq+XgTFUgE=
=YkXN
-----END PGP SIGNATURE-----

8

Richard,

Can you please send an updated (and complete) version of your web service
configuration file(s)?

Thanks,
Christian

9

Hi Christian…

here’s the httpd.conf file setup for RT, the section I’ve
added for AuthUserFile is around line 290… I’ve also
included the files used for AuthUserFile and AuthGroupFile

just so it’s clear what I’m trying to do, I’ve included a
snippet of perl from the cgi script that is trying to make
the request, the request works when received by a test-recipient
cgi script…

as I mentioned, the web-based auth is working ok…

cheers,

  • Richard

Richard Fedoriuk
Build Manager
Rogers iMedia
Ph: (416) 642-4826
rfedoriuk@imedia.rogers.com-----Original Message-----
From: rt-users-admin@lists.fsck.com
[mailto:rt-users-admin@lists.fsck.com]On Behalf Of Christian Gilmore
Sent: Monday, December 10, 2001 4:24 PM
To: ‘Rt-Users’
Subject: RE: [rt-users] WebExternalAuth in config.pm

Richard,

Can you please send an updated (and complete) version of your web service
configuration file(s)?

Thanks,
Christian

rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

httpd.conf (32 KB)

.rtremote (24 Bytes)

.rtremotegroup (13 Bytes)

rt_snippet.pl (1.05 KB)