using LDAP-based user authentication
James S. White
james at jameswhite.org
Sat Dec 10 16:14:59 CET 2005
We implemented a similar solution using Apache::AuthCookie and it shows
the user as just the userid, not the whole DN, It might be worth it to
look at Apache::AuthCookie.
Just my $.02.
-----------------------------------------------------------------------
James S. White primary/voip: (615) 469-0268
928 Mountain Valley Dr. .O. mobile: (256) 476-2619
Nashville, TN 37209 ..O work: (615) 341-8218
http://www.jameswhite.org OOO work-mobile: (615) 519-5160
james at jameswhite.org fax: (866) 260-5465
-----------------------------------------------------------------------
"Computers are useless. They only give you answers." -- Pablo Picasso
On Thu, 8 Dec 2005, Jeff Rattray wrote:
> Greetings, everyone. We (Purdue College of Pharmacy, Nursing and Health
> Sciences) have been using nagios for half of a year now, and it has been really
> handy. Currently, we are trying to change the way nagios authenticates users.
> Purdue has implemented a new security policy that says that all passwords,
> whatever they are for, must be changed every 30 days. Leaving aside the
> difficulties about changing, say, BIOS passwords in the student labs, we are
> trying to reduce the number of usernames and passwords that we have to make it
> easier to keep up with the password-changing requirement.
>
> I have successfully configured mod_authz_ldap to handle authentication on our
> nagios server, and I can log into the nagios pages. Unfortunately, instead of
> returning a simple username like 'jrattray', the CGIs see my username as
> 'uid=jrattray,ou=people,o=pnhs.purdue.edu' . I cannot authorize myself to see
> any information, because when I put that string into cgi.cfg, nagios breaks it
> up at the commas into 3 different users. (The equals signs may be confusing it
> also.)
>
> Here are my questions:
>
> (1) Does anyone know how to escape this username so that it works in cgi.cfg?
> I have tried entering it as a quoted string, putting slashes in front of the
> commas, etc.
>
> (2) Failing that, has anyone had any experience using nagios with
> mod_auth_ldap? I used mod_authz_ldap (a third-party product) only because it
> came with Red Hat EL, but I don't want to bother compiling the official apache
> module if it does exactly the same thing.
>
> (3) Failing THAT, how does one submit this to the wish list for nagios?
>
> Thanks,
> Jeff Rattray
> --
> Jeff Rattray, Ph.D.
> Manager, Web-based Instructional Technology
> Purdue University College of Pharmacy, Nursing and Health Sciences
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems? Stop! Download the new AJAX search engine that makes
> searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list