User Accounts in OSTicket would be a GOD SEND
Still there are no force login option??
We wanted the same thing. In our situation we don't use email piping for ticket creation. Only the web interface. Simply, we don't want anyone from the public (and spam bots) to freely open tickets at will.
In the end we installed osTicket on a subdomain and completely separate database from our cms to fulfill some security requirements. After that, we locked down the root folder osTicket is running from with .htaccess protection. Not perfect, but it works, and it's the simplest work around we've found. If you want to open a ticket you have to be given the username and password we set on the osTicket directory before you're allowed in.
We're researching trying to use osTicket's "Ticket Filtering" features to only allow tickets to be opened by users of given email domains when opened through the web interface. If their email address doesn't match a domain we've allowed, then the ticket should be rejected. This way we could turn off .htaccess and not worry to much about people opening tickets that are not supposed to.
Unfortunately, we've tried setting this up "Ticket Filtering", but can't figure out how it is supposed to work or the allowed syntax that is used. IE.. wild carding a domain. *@domain.com. We've tried several combinations of things and none seem to work as tickets are always created no matter what.
The frustrating part about the "Ticket Filtering" features is that there isn't any documentation what so ever and other people that have raised tickets wondering the same thing are not being responded to.
Good luck.