Talk:Kerberos SSO with Active Directory Integration

From Request Tracker Wiki
Jump to navigation Jump to search

Mod_auth_kerb has an option not to include the realm in the REMOTE_USER. this would mean that you can use the default external auth plugin out of the box (no need to patch)

the relevent config in the apache.conf is:

KrbLocalUserMapping On

~~ not signed

I didn't know of KrbLocalUserMapping, that might come in handy sometimes. Thanks.
Unless I'm missing something, RT::Authen::ExternalAuth does not support authentication agains the Apache REMOTE_USER variable in any case; at best we could remove a few lines of code from my patch.
SuperJediWombat 09:20, November 1, 2011 (UTC)