I developed on Redmine a plugin to automatically log users using the REMOTE_USER given by Apache when its Kerberos ticket is accepted. This plugin works as long as the user has a corporate login, but some developers might come from other development company so they will use a local Redmine account.
If an external user connects to the platform, he'll never have access as Apache won't let him in as it tries to log the user againt Kerberos.
The first turn around was to duplicate the Redmine instance without Kerberos, so the standard Redmine's login page handles the autentication. This solution works but "hackers" see what it's running and I want to avoid that... For this issue, I forked the Perl script Redmine gives for the SVN authentication and adapted it to do a standard basic authentication based on the Redmine local DB. Once allowed to enter using the REMOTE_USER, my plugin in redmine let him in.
I still have two instances of the same software with two different URLs which I don't like... So I'm looking for a Kerberos authentication with a local authentication fallback on Apache. I found on the internet and here that I can use the keywords AuthnProviderAlias or AuthBasicProvider. It seems I can specify Kerberos but not my "custom" perl script...
Does anyone have an idea ? A page I can't read ?
