I'm using OTRS with HTTP basic auth (over SSL, of course), on FreeBSD 5.4 with Apache 1.3.33 and mod_perl. The actual authentication is done via Kerberos (using mod_kerberos), which sets the environment variables accordingly. I have no problem logging into OTRS. However, when in Queue View, whenever OTRS refreshes (set to every 10 minutes in my pers. preferences), I am prompted to authenticate again. This also happens if I refresh the page manually. I am using the same auth backend with other systems -- such as Squirrel Mail, and they do not constantly re-prompt for username/password info. There is only 1 session listed in the Session Manager, and the session ID does not seem to change -- it just requires re-authentication. There are no tell-tale entries in the OTRS System log, either. Is there somewhere in OTRS where this information is cached? Any suggestions would be helpful. -- Mark J. Nernberg Director of Technology (412)478-6262 http://www.downtownhelpdesk.com/ Customer Support: support@downtownhelpdesk.com Have you tried our on-demand remote support services? Downtown Help Desk and 1-Fast Computer Service, providing quality technology solutions to the small business since 2003.
Hi Mark, On Mon, Aug 15, 2005 at 12:17:19PM -0400, Mark Nernberg wrote:
I'm using OTRS with HTTP basic auth (over SSL, of course), on FreeBSD 5.4 with Apache 1.3.33 and mod_perl.
The actual authentication is done via Kerberos (using mod_kerberos), which sets the environment variables accordingly.
I have no problem logging into OTRS.
However, when in Queue View, whenever OTRS refreshes (set to every 10 minutes in my pers. preferences), I am prompted to authenticate again. This also happens if I refresh the page manually.
I am using the same auth backend with other systems -- such as Squirrel Mail, and they do not constantly re-prompt for username/password info.
Take a look at the session parameter in the Default.pm file. Maybe you have to change one of this settings for your needs (put the changed setting into Config.pm). To give you more detaled help, I'd need to know more about your system... Best regards, Christian -- ((otrs)) :: OTRS GmbH :: Norsk-Data-Str. 1 :: 61352 Bad Homburg http://www.otrs.de/ :: Manage your communication!
On 8/15/05 4:30 PM, "Christian Schoepplein"
Hi Mark,
On Mon, Aug 15, 2005 at 12:17:19PM -0400, Mark Nernberg wrote:
I'm using OTRS with HTTP basic auth (over SSL, of course), on FreeBSD 5.4 with Apache 1.3.33 and mod_perl.
The actual authentication is done via Kerberos (using mod_kerberos), which sets the environment variables accordingly.
I have no problem logging into OTRS.
However, when in Queue View, whenever OTRS refreshes (set to every 10 minutes in my pers. preferences), I am prompted to authenticate again. This also happens if I refresh the page manually.
I am using the same auth backend with other systems -- such as Squirrel Mail, and they do not constantly re-prompt for username/password info.
Take a look at the session parameter in the Default.pm file. Maybe you have to change one of this settings for your needs (put the changed setting into Config.pm).
It should be noted, btw, that this issue only affects the Queue View.
This is the Session Stuff from my Defaults.pm:
# --------------------------------------------------- #
# SessionModule #
# --------------------------------------------------- #
# (How should be the session-data stored?
# Advantage of DB is that you can split the
# Frontendserver from the db-server. fs or ipc is faster.)
$Self->{SessionModule} = 'Kernel::System::AuthSession::DB';
# $Self->{SessionModule} = 'Kernel::System::AuthSession::FS';
# $Self->{SessionModule} = 'Kernel::System::AuthSession::IPC';
# SessionName
# (Name of the session key. E. g. Session, SessionID, OTRS)
$Self->{SessionName} = 'Session';
# SessionCheckRemoteIP
# (If the application is used via a proxy-farm then the
# remote ip address is mostly different. In this case,
# turn of the CheckRemoteID. ) [1|0]
$Self->{SessionCheckRemoteIP} = 1;
# SessionDeleteIfNotRemoteID
# (Delete session if the session id is used with an
# invalied remote IP?) [0|1]
$Self->{SessionDeleteIfNotRemoteID} = 1;
# SessionMaxTime
# (Max valid time of one session id in second (8h = 28800).)
$Self->{SessionMaxTime} = 9*60*60;
# SessionMaxIdleTime
# (After this time (in seconds) without new http request, then
# the user get logged off)
$Self->{SessionMaxIdleTime} = 5*60*60;
# SessionDeleteIfTimeToOld
# (Delete session's witch are requested and to old?) [0|1]
$Self->{SessionDeleteIfTimeToOld} = 1;
# SessionUseCookie
# (Should the session management use html cookies?
# It's more comfortable to send links -==> if you have a valid
# session, you don't have to login again.) [0|1]
# Note: If the client browser disabled html cookies, the system
# will work as usual, append SessionID to links!
$Self->{SessionUseCookie} = 1;
# SessionUseCookieAfterBrowserClose
# (store cookies in browser after closing a browser) [0|1]
$Self->{SessionUseCookieAfterBrowserClose} = 0;
# SessionDir
# directory for all sessen id informations (just needed if
# $Self->{SessionModule}='Kernel::System::AuthSession::FS)
$Self->{SessionDir} = '
To give you more detaled help, I'd need to know more about your system...
What more would you like to know? I'll provide everything I can.
participants (2)
-
Christian Schoepplein -
Mark Nernberg