Hi all. I'd like to hear from anyone who has *actually setup* SSO (windows 200x domain) with OTRS ?
would you be able to write a readme ?
On Thu, Jun 19, 2008 at 8:52 PM, Thomas Mueller
hi sam
I'd like to hear from anyone who has *actually setup* SSO (windows 200x domain) with OTRS ?
i've done that with apache's mod_auth_kerb and otrs set to "basic auth". OTRS server is a debian box.
- Thomas
_______________________________________________ OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs Support or consulting for your OTRS system? => http://www.otrs.com/
would you be able to write a readme ?
not quit a readme, but some hints wan't needs to be done: * get familiar with keberos (tickets, keytabs, principals, kvno, ...), keywords GSSAPI/SSPI (RTFM, try-and-error) * install and configure kerberos on the OTRS box (very basic check: kinit <usernmae>@<DOMAIN> && klist need to work). * in OTRS: configure user names, otrs will see "AD-Style" usernames (<username>@<DOMAIN>) * install & configure mod_auth_kerb * configure OTRS for basic auth if you never configured kerberos/mod_auth_kerb, it won't be quick as there are many pitfalls (cryptic log, no log, dns issues, clock-drift issues, etc). some readings: http://support.microsoft.com/kb/555092 http://modauthkerb.sourceforge.net/ http://doc.otrs.org/2.2/en/html/x1641.html#agent-auth-backend-httpbasic http://tldp.org/HOWTO/Kerberos-Infrastructure-HOWTO/client-configure.html#ap... - Thomas
participants (2)
-
Sam Ami -
Thomas Mueller