Hi, Why do you expect remote server where you host RT to respect REMOTE_USER and not to drop it? If a web server would pass remotely provided REMOTE_USER further to an app without additional configuration then we wouldn't use it for authentication.
On Mon, Sep 2, 2013 at 5:14 PM, Oliver Weinmann < [email protected]> wrote: > Hi all,**** > > ** ** > > we have successfully setup RT 4.0.4 with ldap_import and mod_auth_kerb. > Now we need to get the setup running through our reverse proxy.**** > > ** ** > > What we have on our reverse proxy is this:**** > > ** ** > > ProxyPass /rt/ http://hostname.local/rt/ max=100**** > > ProxyPassReverse /rt/ http://hostname.local/rt/**** > > ** ** > > RedirectMatch ^/$ /rt/**** > > ** ** > > # Proxy all locations**** > > <Proxy *>**** > > AddDefaultCharset off**** > > Order deny,allow**** > > Deny from none**** > > </Proxy>**** > > ** ** > > ** ** > > <Location /rt>**** > > AuthType Kerberos**** > > AuthName "Kerberos Login"**** > > KrbAuthRealms KRB5.LOCAL**** > > Krb5KeyTab /etc/apache2/host.keytab**** > > KrbMethodNegotiate on**** > > KrbAuthoritative on**** > > KrbMethodK5Passwd off**** > > KrbSaveCredentials on**** > > require valid-user**** > > ** ** > > # SSO**** > > RewriteEngine On**** > > RewriteCond %{LA-U:REMOTE_USER} (.+)$**** > > RewriteRule . - [E=RU:%1]**** > > RequestHeader set REMOTE_USER %{RU}e**** > > ** ** > > </Location>**** > > ** ** > > Running tcpdump we can see that REMOTE_USER is set and send to the host > hosting RT. It looks like RT is not picking it up. As far as I understood > is that my user gets authenticated at the proxy and RT should trust these > credentials and log in the user.**** > -- Best regards, Ruslan.
