[Nagios-users] Re: How to Loggout?

[Andreas Ericsson]

Leonardo Henrique Machado wrote:
> Devel Team,
> 
> are you all thinking about a solutinon to this problema?
> 

I can't imagine they are.

> I realy think it's a very important feature that nagios lacks. Why cannot 
> Nagios handle the autentication by it self? 
> 

Because handling authentication properly is a non-trivial task, which 
really isn't nagios's job.
Besides, apache is very good at it, and not many users have requested 
the feature. If you want to log out, close the browser.

If it's really _REALLY_ important that you're logged in as different 
users simultaneously (although I cannot for the world of me think of a 
reason why you'd want that unless you're already hacking at the cgi's), 
you can always hire a consultant to rewrite the GUI for you, or do it 
yourself.

> We could also have an admin interface to let the contacts change their
> passwords.

This is trivial to implement with the current authentication system and 
some moderately clever PHP/Perl/shell/C/whatever code.

> I don't think that the it would be a security hole

Not so long as proper whitelists ( [A-Za-z0-9] ) are applied, if 
htpasswd is to be called.

> (.htaccess is also very unsafe).
> 

Only if misconfigured, in which case anything is very unsafe.

> I hope it could be in Nagios 2.0.
> 

It probably will be available when the CGI's have been rewritten in PHP, 
which won't happen any time soon, if you are to believe www.nagios.org.

-- 
Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504