On Wednesday 23 Feb 2011 15:38:44 john s. wrote:
> I have a comprehensive question about SSO in relation to LDAP
>
> Is it possible with LDAP to get access on an SSO client with a computer in
> a network (e.g. RT) by starting the computer with a network Windows logon
> ..........?
>
> Or do I have to do this with NTLM?

You can use Kerberos to do this. From memory, you need to make sure that DNS is working perfectly (including reverse lookups), and you will need to ensure that the browser is prepared to use Kerberos to authenticate against your RT server. For IE, this means designating the RT server as part of the "Intranet" zone; for Firefox you can use about:config and add the RT server to network.negotiate-auth.trusted-uris.

On the server side, you want something like this in .htaccess:

    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    KrbAuthRealms <insert your Kerberos realm here>
    Krb5KeyTab /etc/httpd/conf/keytab
    Require valid-user

and you'll need to populate the keytab file with the appropriate keys.

That will get you as far as having Windows transparently authenticate to the web server, which will expose the user name to RT via the REMOTE_USER environment variable. You should then be able to add

    Set($WebExternalAuth, 1);
    Set($WebExternalAuto, 1);

to your RT_SiteConfig.pm file to instruct RT to trust this authentication.

Hope that helps.

Michael
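
A preflight check for the DNS requirement mentioned in the reply above, as an added example that is not part of the original message: it confirms that the RT host name resolves forward and back to the same name and reports the service principal to look for in the keytab. The function name, host names, addresses and realm are constructed for illustration, and the HTTP/<fqdn>@<REALM> principal form is an assumption based on the usual convention for web servers.

```python
import socket

# Constructed sample records so the check can be exercised offline.
SAMPLE_A = {"rt.example.com": ["192.0.2.10"],
            "rt-old.example.com": ["192.0.2.10"]}
SAMPLE_PTR = {"192.0.2.10": "rt.example.com"}


def check_kerberos_dns(hostname, realm, forward=None, reverse=None):
    """Return (ok, spn, problems) for a host that will serve Negotiate auth.

    forward(name) -> list of IP strings; reverse(ip) -> host name.
    The defaults query the system resolver; lookup tables can be passed in.
    """
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    want = hostname.rstrip(".").lower()
    try:
        addrs = forward(want)
    except (OSError, KeyError):
        return False, None, [f"forward lookup of {want} failed"]
    if not addrs:
        return False, None, [f"{want} has no addresses"]

    problems = []
    for ip in addrs:
        try:
            ptr = reverse(ip).rstrip(".").lower()
        except (OSError, KeyError):
            problems.append(f"no reverse record for {ip}")
            continue
        # A reverse name that differs from the forward name is the kind of
        # DNS inconsistency the reply warns about.
        if ptr != want:
            problems.append(f"{ip} reverses to {ptr}, not {want}")

    # Assumed conventional principal form; compare against the keytab listing.
    spn = f"HTTP/{want}@{realm}"
    return not problems, spn, problems


if __name__ == "__main__":
    for host in ("rt.example.com", "rt-old.example.com"):
        print(host, check_kerberos_dns(host, "EXAMPLE.COM",
                                       SAMPLE_A.__getitem__,
                                       SAMPLE_PTR.__getitem__))
```

Called without the last two arguments, the function uses the system resolver, so it can be run on a workstation and on the web server to compare results.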
