Mapping DNs to username

Miah, W (Wadud) W.Miah at rl.ac.uk
Tue Dec 4 18:50:52 CET 2007
Previous message: Mapping DNs to username
Next message: Mapping DNs to username
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I'm aware of other authentication methods, but I must use client
certificates. 

-------------------------nagios.conf-------------------------
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin

<Directory /usr/local/nagios/sbin>
  SSLVerifyClient Require
  SSLVerifyDepth 3
  SSLOptions +FakeBasicAuth
  SSLRequireSSL

  Options ExecCGI
  AllowOverride None
  AuthName "Nagios CGI Access"
  AuthType Basic
  AuthUserFile /etc/nagios/users-access
  Require valid-user
</Directory> 
-------------------------

-------------------------/etc/nagios/users-access-----------------------
--
/C=UK/O=eScience/OU=CLRC/L=RAL/CN=wadud miah:xxj31ZMTZzkVA
-------------------------

Apache then sets the username as the certificate DN =
'/C=UK/O=eScience/OU=CLRC/L=RAL/CN=wadud miah'
Even if I enclose the DN in quotes (single and double), and assign it
to, say, 
authorized_for_system_information, Nagios does not allow me to view the
system information. I guess this is
more of an Apache question than Nagios. 

-----Original Message-----
From: tom.welsh at bt.com [mailto:tom.welsh at bt.com] 
Sent: 04 December 2007 17:18
To: Miah, W (Wadud); nagios-users at lists.sourceforge.net
Subject: RE: [Nagios-users] Mapping DNs to username

Hi Wadud,

How have you setup you authentication to use certs? 

Typically nagios uses .htaccess files in the examples to authenticate
users. This is documented in the docs.

You can use htpasswd, htdigest or dbmanage to create your user file.
Just make sure you set the AuthType to the correct value.

ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin

<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>

Alias /nagios /usr/local/nagios/share

<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /usr/local/nagios/etc/htpasswd.users
    Require valid-user
</Directory>

Have you setup authentication another way? If so can you post part off
your config so we can help you?

Regards

Tom

-----Original Message-----
From: nagios-users-bounces at lists.sourceforge.net
[mailto:nagios-users-bounces at lists.sourceforge.net] On Behalf Of Miah, W
(Wadud)
Sent: 04 December 2007 17:12
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] Mapping DNs to username

Nagios CGI authentication is carried out using certificates, which sets
the username to the certificate DN. Is there a way to map it to a unique
username? For example, 

DN1 -> user1
DN2 -> user2

I can't seem to find a solution to this problem in the archives. 

Many thanks.

------------
Wadud Miah
Scientific Computing Systems Support
High Performance Computing Services Group, e-Science, RAL
01235 446 794
------------


------------------------------------------------------------------------
-
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Mapping DNs to username
Next message: Mapping DNs to username
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list