On 2/21/2011 3:40 PM, Kevin Falcone wrote:
On Mon, Feb 21, 2011 at 03:24:37PM -0500, Jeff Blaine wrote:
On 2/21/2011 3:15 PM, Kevin Falcone wrote:
On Mon, Feb 21, 2011 at 03:06:44PM -0500, Jeff Blaine wrote:
On 2/21/2011 2:35 PM, Kevin Falcone wrote:
On Mon, Feb 21, 2011 at 09:24:38AM +0100, Adrian Stel wrote:
I would like to change standard access to RT from username/pw to
certificates authorization. Is there any simple way to do that ? Or
any additions to the RT ?
You should be able to have Apache do the auth and pass that along to
RT. For the RT config, you want to read about WebExternalAuth in
RT_Config.pm
If you ever get this working, please let me know. I've
tried and failed.
You don't say what failed, but the Apache side is just
SSLVerifyClient require
plus
SSLUserName
Yes, we have all of the cert stuff working fine (required).
I tried:
SSLUserName SSL_CLIENT_S_DN_UID
and turned on WebExternalAuth, et al. Restarted httpd,
closed browser, visited site, entered certificate
passphrase, and saw the same old RT login screen.
This implies you didn't turn on WebExternalAuth, or also turned on
WebFallbackToInternalAuth. Apache will log the REMOTE_USER so it is
relatively straightforward to see if the Apache is providing enough
information for RT.
Correct. I've since turned off WebFallbackToInternalAuth.
Set($WebExternalAuth, 1);
Set($WebExternalAuthContinuous, 1);
Set($WebFallbackToInternalAuth , undef);
SSLVerifyClient require
SSLUserName SSL_CLIENT_S_DN_UID
%u (remote user) logs as "-" for me, so is no help
other than to indicate it's not working.
RT 3.8.7
Apache httpd 2.2.3-45.el5
Thanks for the help though.
