On Tue, Nov 11, 2014 at 12:45:41PM +0100, Luca Mazzaferro wrote: > I want to give my users the possibility to login to rt through an > SSO-mechanism (here: kerberos). > It works fine if I require a Kerberos -ticket in through apache2. > However, I would like to either have the people type their username / > password in the HTML-Login form > or click a button to login with the Kerberos ticket.
I'd suggest either two Virtual Hosts, one which does the kerberos tickets, or one domain using Satisfy so that people without kerberos tickets drop through to RT's login. Have you reviewed http://bestpractical.com/docs/rt/latest/authentication Your technique of copying and fiddling with Login.html seems much more complicated that it's needed to be for anyone that we've set this up for before. Most of the time folks just have a button on the normal login page that runs them off to the shib or kerb auth points and then back again and then RT notices you have REMOTE_USER and you're good to go. -kevin
pgpmvz8pAeNIY.pgp
Description: PGP signature