Re: [otrs] HTTP basic auth

15 Aug 2005

      On 8/15/05 4:30 PM, "Christian Schoepplein" 
wrote:
...
Hi Mark,
On Mon, Aug 15, 2005 at 12:17:19PM -0400, Mark Nernberg wrote:
...
I'm using OTRS with HTTP basic auth (over SSL, of course), on FreeBSD 5.4
with Apache 1.3.33 and mod_perl.
The actual authentication is done via Kerberos (using mod_kerberos), which
sets the environment variables accordingly.
I have no problem logging into OTRS.
However, when in Queue View, whenever OTRS refreshes (set to every 10
minutes in my pers. preferences), I am prompted to authenticate again.  This
also happens if I refresh the page manually.
I am using the same auth backend with other systems -- such as Squirrel
Mail, and they do not constantly re-prompt for username/password info.
Take a look at the session parameter in the Default.pm file. Maybe you
have to change one of this settings for your needs (put the changed
setting into Config.pm).
It should be noted, btw, that this issue only affects the Queue View.

This is the Session Stuff from my Defaults.pm:

    # --------------------------------------------------- #
    # SessionModule                                       #
    # --------------------------------------------------- #
    # (How should be the session-data stored?
    # Advantage of DB is that you can split the
    # Frontendserver from the db-server. fs or ipc is faster.)
    $Self->{SessionModule} = 'Kernel::System::AuthSession::DB';
#    $Self->{SessionModule} = 'Kernel::System::AuthSession::FS';
#    $Self->{SessionModule} = 'Kernel::System::AuthSession::IPC';

    # SessionName
    # (Name of the session key. E. g. Session, SessionID, OTRS)
    $Self->{SessionName} = 'Session';

    # SessionCheckRemoteIP
    # (If the application is used via a proxy-farm then the
    # remote ip address is mostly different. In this case,
    # turn of the CheckRemoteID. ) [1|0]
    $Self->{SessionCheckRemoteIP} = 1;

    # SessionDeleteIfNotRemoteID
    # (Delete session if the session id is used with an
    # invalied remote IP?) [0|1]
    $Self->{SessionDeleteIfNotRemoteID} = 1;

    # SessionMaxTime
    # (Max valid time of one session id in second (8h = 28800).)
    $Self->{SessionMaxTime} = 9*60*60;

    # SessionMaxIdleTime
    # (After this time (in seconds) without new http request, then
    # the user get logged off)
    $Self->{SessionMaxIdleTime} = 5*60*60;

    # SessionDeleteIfTimeToOld
    # (Delete session's witch are requested and to old?) [0|1]
    $Self->{SessionDeleteIfTimeToOld} = 1;

    # SessionUseCookie
    # (Should the session management use html cookies?
    # It's more comfortable to send links -==> if you have a valid
    # session, you don't have to login again.) [0|1]
    # Note: If the client browser disabled html cookies, the system
    # will work as usual, append SessionID to links!
    $Self->{SessionUseCookie} = 1;

    # SessionUseCookieAfterBrowserClose
    # (store cookies in browser after closing a browser) [0|1]
    $Self->{SessionUseCookieAfterBrowserClose} = 0;

    # SessionDir
    # directory for all sessen id informations (just needed if
    # $Self->{SessionModule}='Kernel::System::AuthSession::FS)
    $Self->{SessionDir} = '/var/sessions';

    # SessionTable*
    # (just needed if
$Self->{SessionModule}='Kernel::System::AuthSession::DB)
    # SessionTable
    $Self->{SessionTable} = 'sessions';
    # SessionTable id column
    $Self->{SessionTableID} = 'session_id';
    # SessionTable value column
    $Self->{SessionTableValue} = 'session_value';
...
To give you more detaled help, I'd need to know more about your
system...
What more would you like to know?  I'll provide everything I can.