I am trying to set up a somewhat basic RT install. The non-basic parts are that I am using the Apache mod_auth_pam module for auth. The RT docs talk about a config option WebFallbackToRTLogin. the docs say:
If true, allows internal logins as well as REMOTE_USER by providing a login form if external authentication fails. This is useful to provide local admin access (usually as root) or self service access for people without external user accounts.
Ok, the PAM auth part is working, no problems there. My question is about how this fallback is supposed to happen? When I reach the RT web site I am challenged for a user and password. The standard user/pass challenge popup only has OK & Cancel buttons. Entering invalid credentials just gets you another popup. The Cancel button renders a 401 Authorization Required page.
So, how does the WebFallbackToRTLogin work if I can't get to the failure state?
For that option, you need to tell Apache to allow the page to render even if authentication fails. You can usually do this with a
Satisfy anydirective. Then you should be able to access the default RT login page when the first authentication fails.