Ebola

Ebola is the name of our Request Tracker instance and the VM it runs on. It is at https://ebola.acm.jhu.edu/rt.

Authentication to ebola uses Kerberos. You can use your tickets if you have configured your browser to do so. Or you can just give your password in the usual HTTP Basic Auth way and the server will check it against Kerberos.

Any task that the ACM needs to get done should be a ticket. So should any ACM project idea. And so should any physical item lent to the ACM by a member.

Authenticating using your tickets

See the section for the web browser you’re using.

Chromium/Chrome

AuthServerWhitelist needs to be set to *acm.jhu.edu. (The lack of initial dot is to allow this to work on acm.jhu.edu itself should we ever put a service there for which this is relevant.) There are a couple of ways to do this:

  • Exit the browser, then edit the file Local State (which is JSON) in your profile. In the dictionary with key "auth" (add an empty one if there isn’t already one), add key "server_whitelist" with value "*acm.jhu.edu". This is probably the best method for your own personal systems.
  • There is a way to force setting values, including this one, through systemwide policy files. We should deploy such a file on the desktops so chromium users get seamless RT login.
  • You used to be able to pass the argument --auth-server-whitelist="*acm.jhu.edu" when starting the browser; you may find some documentation floating around out there mentioning this. This method has been removed in very recent versions (past about January 2015).

Iceweasel/Firefox

Go into about:config and set network.negotiate-auth.trusted-uris to acm.jhu.edu.

The rt Command Line Client

RT comes with a quite nifty command-line client (Debian has it in the rt4-clients package). Just put server https://ebola.acm.jhu.edu/rt in your ~/.rtrc and it’ll talk to ebola.

If you have the right packages installed (on Debian, liblwp-authen-negotiate-perl), it’ll even use your Kerberos tickets instead of a password if you have a new enough version of the client (probably 4.2.11, not yet out as of this writing, due to a nasty bug in the support for this that just got fixed) and you put auth gssapi in your ~/.rtrc.

Type rt help config to see what else you can put in your ~/.rtrc.

There is also the systemwide /etc/request-tracker4/rt.conf, which is the route through which we’ll get this configuration onto the desktops.

The assets Module

We have installed the assets module for RT. A portion of the postinstall script failed; the make initdb command defaulted to postgres as the database user despite the config file (correctly) giving acm_rt. To fix, I simply re-ran the commands with the correct user and they worked. Also of note: RT_Config.pm is in /usr/share/request-tracker4/etc/, RT_SiteConfig.pm is in /etc/request-tracker4/, and the mason cache is in /var/cache/request-tracker4/mason_data/. Now you can track ball bearings to your heart’s content. Please don’t.