On Mon, Feb 21, 2011 at 12:35 PM, Kevin Falcone <[email protected]>wrote:
> On Mon, Feb 21, 2011 at 09:24:38AM +0100, Adrian Stel wrote: > > I would like to change standard access to RT from username/pw to > > certificates authorization. Is there any simple way to do that ? Or > > any additions to the RT ? > > You should be able to have Apache do the auth and pass that along to > RT. For the RT config, you want to read about WebExternalAuth in > RT_Config.pm > If you do this (WebExternalAuth) and you're in an AD or Kerberos/LDAP environment, you may be able to use pass-through authentication (assuming that your users are logging in with the same credentials that they use for authentication to your servers). http://modauthkerb.sourceforge.net/ http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html I have mod_auth_kerb working in this manner, authenticating against AD (not in RT, but in a different app served through Apache). I haven't tested mod_auth_ldap yet, but it would only be necessary if you're looking to authorize your clients (versus just authenticating them).
