Hi All, I'm moving from RT3.6 -> RT4.0.17 and have decided to try going with RT::Authen::ExternalAuth instead of an OverRide I wrote previously.
My system sets a cookie for all visitors, which is just a session ID (no other information in the cookie - for security .. this is then linked to the actual user information using Apache::Session to do the dirty work) Inside the cookie retrieved information there is the Username, Email addresses (multiple possible), Real Name, RT ID (single at the moment, but will be multiple in the near future) and a load of other information (address etc.) Currently when someone logs in to the main site and updates their preferences it updates the preferences in the RT user database. Inside the retrieved information there is an 'auth' parameter which contains the current state of the login and it's timeout. My thoughts is for any un-authenticated user to be re-directed to my main login page, get the new authenticated cookie, and be re-directed back to the RT system. The RT system will then load the user information from the DB retrieved by the cookie ID.. and allow access in that method. Is this possible with RT::Authen::ExternalAuth ? If so is it possible for it to update the timeout as necessary (so the login doesn't idle out)? If all of the above... any Docs/Examples on it? (I have modules that can do this as well - but need to know what calls what and what is expected in the return) Glancing at the code, it suggests that it is not possible without extensive work... can anyone confirm or deny? Thanks, -- Michelle Sullivan http://www.mhix.org/