This page contains out of date and possibly misleading information or instructions such as installation methods or configuration examples that no longer apply. Please consider this warning when reading the page below.
From the RT_Config.pm file:
If $WebExternalAuth is defined, RT will defer to the environment's REMOTE_USER variable.
Just add the following lines to your RT_SiteConfig.pm file:
# tells RT to use the REMOTE_USER provided by the web server Set($WebExternalAuth , 1); # tells RT to display its normal login screen if REMOTE_USER fails Set($WebFallbackToInternalAuth , 1); # tells RT to create users automatically if no user matching REMOTE_USER is found Set($WebExternalAuto , 1);
and then configure Apache to not authenticate the /NoAuth directory, so the rt-mailgate program can submit tickets.
For example (using pwauth and mod_perl):
AddExternalAuth pwauth /usr/local/sbin/pwauth
SetExternalAuthMethod pwauth pipe
SetHandler perl-script PerlHandler RT::Mason
AuthName rtauth AuthExternal pwauth require valid-user </Location>
Satisfy Any Allow from all </LocationMatch>
Adjust for your particular authentication method and webserver configuration.
Notes that has been added to the [FAQ] where they don't belong
TODO: refactor me into good looking combined text
Q: I use WebExternalAuth to authenticate my users. When I turn it on E-Mail to queues stop working with a "401 Authorization Required" error. How can I make the mail gateway authenticate to the web server?
A: Turn off the authentication requirement for all "NoAuth" directories. For Apache edit the server-wide httpd.conf file and add the following in RT's VirtualHost section (change the "/opt/rt3" to point to your installation):
SetHandler perl-script PerlHandler RT::Mason satisfy any allow from all </Directory> <Directory /opt/rt3/share/html/NoAuth> SetHandler perl-script PerlHandler RT::Mason satisfy any allow from all </Directory>
A2: You may find that you need to use Location directives within the virtual host instead. This worked for me whereas Directory did not. (using fastcgi, obviously, on apache 2.0.x, under mod_auth_kerberos.)
SetHandler fastcgi-script allow from all satisfy any </Location> <Location /NoAuth> SetHandler fastcgi-script allow from all satisfy any </Location>