Server Authentication

gerb42 · Post by **gerb42** » 17 Jan 2007, 17:13

Hi all,

I have mantis 1.0.6 runnig on a server which already requires users to log on. Is it possible to make mantis use this credentials? If yes, how?

thx

ed · Post by ed » 18 Jan 2007, 00:30

see if this helps you:

http://www.mantisbt.org/manual/manual.c ... cation.php

gerb42 · Post by **gerb42** » 18 Jan 2007, 08:17

Hi ed,

I already tried this options. Maybe some more Info about the scenario would help:

The Apache Server requests a username and password which it uses to authenticate users via LDAP against our AD, so users can log in using their Windows account name and password.

If I set Mantis to use the very same LDAP Repository users will have to enter their name and password twice. If I set Mantis to BASIC_AUTH it will try to check the password against its own database which will fail if the passwords in LDAP and database do not match. This is likely to happen since we have a password policy requiring to change passwords every six weeks.

What I would like Mantis to do is either accepting the username as-is if it exists in the database or check it silently against LDAP, bypassing the login page if this succeeds.

ed · Post by ed » 18 Jan 2007, 09:41

Sorry, no idea.

gerb42 · Post by **gerb42** » 18 Jan 2007, 10:47

Ok, in Method auth_attempt_login I replaced the following line:

Code: Select all

if ( !auth_does_password_match( $t_user_id, $p_password ) ) {

with this one:

Code: Select all

if ( HTTP_AUTH != $t_login_method && !auth_does_password_match( $t_user_id, $p_password ) ) {

and changed $g_login_method to HTTP_AUTH. This seems to do the Trick.