Authenticated users cross-auth problem

Voon, Ton Ton.Voon at egg.com
Wed Jul 16 10:30:37 CEST 2003


Greg,

That is working as expected but I found this was a limitation in our
environment. I wanted only specific services on a host to be visible to
certain contacts. For example, I only want the Unix team to see Unix
services, Oracle team to see Oracle databases, etc.

I applied this patch to auth.c.

I think the authentication should be more modular, but then you need to
specify for every service which contacts you want, which complicates the
configuration.

Ton

> -----Original Message-----
> From: Greg Vickers [mailto:daehenoc at hotmail.com] 
> Sent: Wednesday, July 16, 2003 8:59 AM
> To: nagios-users at sourceforge.net
> Subject: [Nagios-users] Authenticated users cross-auth problem
> 
> 
> Hello all,
> 
> I have a ticklish problem:
> 
> From the manual:
> Authenticated contacts are granted the following permissions 
> for each host 
> for which they are contacts:
> 	* Authorization to view status information for all 
> services on the host
> 
> The only way I can see for someone to be authenticated for a 
> host is to be 
> authenticated for a service assigned to that host or be a 
> contact for a 
> hostgroup that contains that host. (Is this right?)
> 
> Therefore:
> If I have Service A associated with Host A and Contact A is 
> authorized to 
> view the status of Service A, Contact A by default has 
> permission to view 
> the status etc of Host A.
> If I have Service B associated with Host A and Contact B is 
> authorized to 
> view the status of Service B, Contact B by default has 
> permission to view 
> the status of Host A, AND ANY SERVICES of Host A!
> 
> Contact B can see the status of Service A, even though 
> Contact B is *not* an 
> authenticated contact of Service A! (Due to Contact B being 
> authorized for 
> Host A)
> 
> Has anyone else come across this problem, or am not RTFMing 
> properly? There 
> has to be a way to have two services associated with one host and the 
> respective contacts not being able to view the status of the 
> other service.
> 
> (I have tried assigning the services directly to a host and 
> assigning them 
> via hostgroups, the same undesirable situation occurs.)
> 
> Please help!
> 
> Thanks,
> Greg
> 
> _________________________________________________________________
> Hotmail is now available on Australian mobile phones. Go to  
> http://ninemsn.com.au/mobilecentral/signup.asp
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a 
> single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual 
> machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS 
> when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
> 



This private and confidential e-mail has been sent to you by Egg.
The Egg group of companies includes Egg Banking plc
(registered no. 2999842), Egg Financial Products Ltd (registered
no. 3319027) and Egg Investments Ltd (registered no. 3403963) which
carries out investment business on behalf of Egg and is regulated
by the Financial Services Authority.  
Registered in England and Wales. Registered offices: 1 Waterhouse Square,
138-142 Holborn, London EC1N 2NA.
If you are not the intended recipient of this e-mail and have
received it in error, please notify the sender by replying with
'received in error' as the subject and then delete it from your
mailbox.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: auth.c.patch
Type: application/octet-stream
Size: 605 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20030716/a40f1241/attachment.obj>


More information about the Users mailing list