On Mon, Feb 21, 2011 at 03:24:37PM -0500, Jeff Blaine wrote:
> On 2/21/2011 3:15 PM, Kevin Falcone wrote:
> >On Mon, Feb 21, 2011 at 03:06:44PM -0500, Jeff Blaine wrote:
> >>On 2/21/2011 2:35 PM, Kevin Falcone wrote:
> >>>On Mon, Feb 21, 2011 at 09:24:38AM +0100, Adrian Stel wrote:
> >>>>I would like to change standard access to RT from username/pw to
> >>>>certificates authorization. Is there any simple way to do that ? Or
> >>>>any additions to the RT ?
> >>>
> >>>You should be able to have Apache do the auth and pass that along to
> >>>RT. For the RT config, you want to read about WebExternalAuth in
> >>>RT_Config.pm
> >>If you ever get this working, please let me know. I've
> >>tried and failed.
> >
> >You don't say what failed, but the Apache side is just
> >SSLVerifyClient require
> >plus
> >SSLUserName
>
> Yes, we have all of the cert stuff working fine (required).
> I tried:
>
> SSLUserName SSL_CLIENT_S_DN_UID
>
> and turned on WebExternalAuth, et al. Restarted httpd,
> closed browser, visited site, entered certificate
> passphrase, and saw the same old RT login screen.

This implies you didn't turn on WebExternalAuth, or also turned on
WebFallbackToInternalAuth. Apache will log the REMOTE_USER so it is
relatively straightforward to see if Apache is providing enough
information for RT.

-kevin
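The log check suggested in the reply above, as an added example that is not part of the original thread: it reads Apache access-log lines and reports, per request, whether Apache logged a remote user (%u), which is the value RT receives as REMOTE_USER. It assumes Common or Combined Log Format; the sample lines, user names and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of Apache access-log lines in Common Log Format
# (%h %l %u %t "%r" %>s %b). Hosts, users and paths are made up.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [21/Feb/2011:15:20:01 -0500] "GET /rt/ HTTP/1.1" 200 4312
192.0.2.10 - alice [21/Feb/2011:15:21:44 -0500] "GET /rt/ HTTP/1.1" 200 9120
192.0.2.11 - - [21/Feb/2011:15:22:03 -0500] "GET /rt/Ticket/Display.html?id=1 HTTP/1.1" 200 2210
192.0.2.12 - Jane Q Public [21/Feb/2011:15:23:10 -0500] "GET /rt/index.html HTTP/1.1" 200 9055
EOF
}

# remote_user_report: read access-log lines on stdin and print one line per
# request as "<user-or-NONE><TAB><path>". The user is everything between the
# ident field and the "[" of the timestamp, so a value containing spaces
# (for example when SSLUserName points at a full name or DN) is kept whole.
remote_user_report() {
  awk '
    {
      ts = index($0, " [")            # start of the %t field
      if (ts == 0) next               # not a CLF line, skip it
      head = substr($0, 1, ts - 1)    # "%h %l %u"
      sub(/^[^ ]+ [^ ]+ /, "", head)  # drop %h and %l, leaving %u
      user = (head == "-" || head == "") ? "NONE" : head
      q = index($0, "\"")             # request line: METHOD PATH PROTO
      split(substr($0, q + 1), req, " ")
      print user "\t" req[2]
    }'
}

# count_unauthenticated: number of requests logged with no remote user.
# A non-zero count on RT URLs means Apache is not handing RT a REMOTE_USER.
count_unauthenticated() {
  remote_user_report | awk -F '\t' '$1 == "NONE" { n++ } END { print n + 0 }'
}

# Stand-alone run over the constructed sample.
sample_log | remote_user_report
```

Against a real server, feed the access log on stdin in place of `sample_log`, for example `count_unauthenticated < access_log`.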