On Mon, Nov 21, 2011 at 10:15 AM, Kevin Falcone <[email protected]> wrote: > On Mon, Nov 21, 2011 at 03:57:30AM -0500, Mauricio Tavares wrote: >> So I am trying to see if I can understand how to use WebExternalAuth. >> In /etc/apache2/sites-available/default I have: >> >> DocumentRoot /var/www >> <Directory /> >> Options FollowSymLinks >> AllowOverride None >> >> AuthType Kerberos >> AuthName "Kerberos Login" >> KrbAuthRealms DOMAIN.COM >> KrbServiceName HTTP >> Krb5Keytab /etc/apache2/krb5.keytab >> KrbMethodK5Passwd on >> KrbDelegateBasic on >> Require valid-user >> </Directory> >> >> Then in RT_SiteConf.pm I added >> >> Set($WebExternalAuth , 1); >> Set($WebFallbackToInternalAuth , 1); >> Set($WebExternalAuto , 1); >> >> When I try to login as the root user, I am told it does not exist in >> kerberos: >> >> [Mon Nov 21 03:53:34 2011] [error] [client 192.168.1.115] >> krb5_get_init_creds_password() failed: Client not found in Kerberos >> database >> >> Would anyone know why it is not checking if rt knows of this user >> internally (as opposite to through kerberos)? > > I suspect you need a Satisfy line in your apache config to allow it > through kerberos to the normal RT login screen. > Thanks for the suggestion! I just tried "Satisfy any" and after I restarted apache, I was able to login as root. Unfortunately I then was not able to login as a kerberos user. In fact, it now cheerfully ignores the TGT.
I know I am missing a step somewhere... > -kevin > > -------- > RT Training Sessions (http://bestpractical.com/services/training.html) > * Barcelona, Spain — November 28 & 29, 2011 > -------- RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 & 29, 2011
