[rt-users] WebExternalAuth and no root for you
So I am trying to see if I can understand how to use WebExternalAuth. In /etc/apache2/sites-available/default I have: DocumentRoot /var/www Directory / Options FollowSymLinks AllowOverride None AuthType Kerberos AuthName Kerberos Login KrbAuthRealms DOMAIN.COM KrbServiceName HTTP Krb5Keytab /etc/apache2/krb5.keytab KrbMethodK5Passwd on KrbDelegateBasic on Require valid-user /Directory Then in RT_SiteConf.pm I added Set($WebExternalAuth , 1); Set($WebFallbackToInternalAuth , 1); Set($WebExternalAuto , 1); When I try to login as the root user, I am told it does not exist in kerberos: [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115] krb5_get_init_creds_password() failed: Client not found in Kerberos database Would anyone know why it is not checking if rt knows of this user internally (as opposite to through kerberos)? RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] WebExternalAuth and no root for you
On Mon, Nov 21, 2011 at 03:57:30AM -0500, Mauricio Tavares wrote: So I am trying to see if I can understand how to use WebExternalAuth. In /etc/apache2/sites-available/default I have: DocumentRoot /var/www Directory / Options FollowSymLinks AllowOverride None AuthType Kerberos AuthName Kerberos Login KrbAuthRealms DOMAIN.COM KrbServiceName HTTP Krb5Keytab /etc/apache2/krb5.keytab KrbMethodK5Passwd on KrbDelegateBasic on Require valid-user /Directory Then in RT_SiteConf.pm I added Set($WebExternalAuth , 1); Set($WebFallbackToInternalAuth , 1); Set($WebExternalAuto , 1); When I try to login as the root user, I am told it does not exist in kerberos: [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115] krb5_get_init_creds_password() failed: Client not found in Kerberos database Would anyone know why it is not checking if rt knows of this user internally (as opposite to through kerberos)? I suspect you need a Satisfy line in your apache config to allow it through kerberos to the normal RT login screen. -kevin pgpwNA6VjIJau.pgp Description: PGP signature RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] WebExternalAuth and no root for you
On Mon, Nov 21, 2011 at 10:15 AM, Kevin Falcone falc...@bestpractical.com wrote: On Mon, Nov 21, 2011 at 03:57:30AM -0500, Mauricio Tavares wrote: So I am trying to see if I can understand how to use WebExternalAuth. In /etc/apache2/sites-available/default I have: DocumentRoot /var/www Directory / Options FollowSymLinks AllowOverride None AuthType Kerberos AuthName Kerberos Login KrbAuthRealms DOMAIN.COM KrbServiceName HTTP Krb5Keytab /etc/apache2/krb5.keytab KrbMethodK5Passwd on KrbDelegateBasic on Require valid-user /Directory Then in RT_SiteConf.pm I added Set($WebExternalAuth , 1); Set($WebFallbackToInternalAuth , 1); Set($WebExternalAuto , 1); When I try to login as the root user, I am told it does not exist in kerberos: [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115] krb5_get_init_creds_password() failed: Client not found in Kerberos database Would anyone know why it is not checking if rt knows of this user internally (as opposite to through kerberos)? I suspect you need a Satisfy line in your apache config to allow it through kerberos to the normal RT login screen. Thanks for the suggestion! I just tried Satisfy any and after I restarted apache, I was able to login as root. Unfortunately I then was not able to login as a kerberos user. In fact, it now cheerfully ignores the TGT. I know I am missing a step somewhere... -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
