hostprops=1024 does not list flapping hosts
Owen LaGarde
owen.m.lagarde at usace.army.mil
Wed Jan 28 23:48:05 CET 2009
My nagios-3.0.2 is correctly detecting flapping hosts and services, and
correctly lists them in the tactical and host overview displays.
Clicking on the flapping-hosts link in the tactical display does not
display them. Asking status.cgi directly for all hosts with hostprops
of 1024 (status.cgi?host=all&hostprops=1024) does not return them
either. Other direct queries (ie., hostprops=42) behave as expected;
only hostprops=1024 seems to be misbehaving, which makes me think I've
misconfigured something. Anyone else seen this?
On Sat, 2009-01-24 at 14:02 +0000,
nagios-users-request at lists.sourceforge.net wrote:
> Send Nagios-users mailing list submissions to
> nagios-users at lists.sourceforge.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> or, via email, send a message with subject or body 'help' to
> nagios-users-request at lists.sourceforge.net
>
> You can reach the person managing the list at
> nagios-users-owner at lists.sourceforge.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Nagios-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Expiring acknowledgements (Mathieu Gagn?)
> 2. Re: Windows disk health monitoring with
> smartmontoolsl/NSClient++? (Anthony Montibello)
> 3. Re: nagios service flapping (Andy Shellam)
> 4. Re: Nagios - LDAP/RSA authentication (Kevin Keane)
> 5. Re: Nagios - LDAP/RSA authentication (Kevin Keane)
> 6. Re: Nagios - LDAP/RSA authentication (Mohammed Al-Kout)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 23 Jan 2009 18:56:57 -0500
> From: Mathieu Gagn? <mgagne at iweb.com>
> Subject: Re: [Nagios-users] Expiring acknowledgements
> To: Frank Clements <fclements at inetu.net>
> Cc: "nagios-users at lists.sourceforge.net"
> <nagios-users at lists.sourceforge.net>
> Message-ID: <497A5949.7020105 at iweb.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
>
> Frank Clements wrote:
> >
> > I'm wondering if there is anyone out there in user-land that has any process
> > of expiring acknowledgements after a certain time period. I've done some
> > searching and came up mostly empty handed. I've seen a mention of using SEC
> > to carry this out, but I'm completely unfamiliar with SEC. If this is the
> > way to go I'm game for looking into using it.
> >
> > Anyone out there doing something like this and care to share how?
>
> You could install NDOUtils [1], use Nagios::Object [2] or write yourself
> a C script and use it to retrieve all acknowledged problems and remove
> the acknowledge flag for each of them using external commands [3][4] if
> they should expire.
>
> Mathieu
>
> [1] http://www.nagios.org/download/addons/
> [2] http://search.cpan.org/~tobeya/Nagios-Object/
> [3]
> http://www.nagios.org/developerinfo/externalcommands/commandinfo.php?command_id=116
> [4]
> http://www.nagios.org/developerinfo/externalcommands/commandinfo.php?command_id=117
>
>
>
> ------------------------------
>
> Message: 2
> Date: Fri, 23 Jan 2009 20:56:46 -0500
> From: Anthony Montibello <amontibello at gmail.com>
> Subject: Re: [Nagios-users] Windows disk health monitoring with
> smartmontoolsl/NSClient++?
> To: 44kbps <44kbps at gmail.com>
> Cc: nagios-users at lists.sourceforge.net
> Message-ID:
> <c4515bfd0901231756paad4631r25108f4668a9ec21 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> If using NC_Net
> look at the commands in chec_nc_net.c (nc_net's customized check_nt
> compatible client)
> check_nc_net --help=WMICAT_NEW
> check_nc_net --help=WMICHECK
> check_nc_net --help=WMICAT
> check_nc_net --help=WMICOUNTER
> WMICOunter can use -w and -c
>
> each of these commands need the WMI Query as input and may give the results
> back in a format that is easier to manipulate in a wrapper script instead of
> a VB script (it depends on expertise and deployment strategy )
>
> example of a input to WMI check/counter for NC_NEt:
>
> check_nc_net -v WMICHECK -l "cimv2^freespace,name^win32_logicaldisk^name=
> 'c:'' -c 5000000000 -w 10000000000
>
> Tony
> (Author of NC_Net)
>
> On Fri, Jan 23, 2009 at 5:04 AM, 44kbps <44kbps at gmail.com> wrote:
>
> > Hi Anthony, I'm working now to get something like this.
> > I want to monitor the CPU temperature, fan velocity, and other hardware
> > info from a Windows Machine.
> > I'm having a look to WMI's Microsoft database.
> >
> > You can read about it in:
> > http://www.microsoft.com/technet/scriptcenter/scripts/default.mspx?mfr=true
> >
> > Now I'm work to get work with NSCLient++ or NC_NET.
> >
> > See you!
> >
> > Anthony Montibello escribi?:
> >
> >> USe WMI:
> >> the path to the smart data:
> >> root/Cimv2/Win32_DiskDrive/
> >> [Instance] --> Status
> >> Hope this helps
> >> Tony (Author of NC_Net)
> >> On Tue, Jan 13, 2009 at 10:49 PM, Eric Pearce <epearce at amberpoint.com<mailto:
> >> epearce at amberpoint.com>> wrote:
> >>
> >> I'd like to get SMART disk health status for Windows machines. It
> >> looks like smartctl would work fine on Windows - has someone got
> >> it working with NSClient++?
> >> I've found some people asking about this in the list archives, but
> >> haven't found any concrete examples.
> >> All I'm looking for is a basic "OK" or "something bad is going to
> >> happen soon" alert from Nagios.
> >> Thanks
> >> -e
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> This SF.net email is sponsored by:
> >> SourcForge Community
> >> SourceForge wants to tell your story.
> >> http://p.sf.net/sfu/sf-spreadtheword
> >> _______________________________________________
> >> Nagios-users mailing list
> >> Nagios-users at lists.sourceforge.net
> >> <mailto:Nagios-users at lists.sourceforge.net>
> >> https://lists.sourceforge.net/lists/listinfo/nagios-users
> >> ::: Please include Nagios version, plugin version (-v) and OS when
> >> reporting any issue.
> >> ::: Messages without supporting info will risk being sent to /dev/null
> >>
> >>
> >> ------------------------------------------------------------------------
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> This SF.net email is sponsored by:
> >> SourcForge Community
> >> SourceForge wants to tell your story.
> >> http://p.sf.net/sfu/sf-spreadtheword
> >> ------------------------------------------------------------------------
> >>
> >> _______________________________________________
> >> Nagios-users mailing list
> >> Nagios-users at lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/nagios-users
> >> ::: Please include Nagios version, plugin version (-v) and OS when
> >> reporting any issue. ::: Messages without supporting info will risk being
> >> sent to /dev/null
> >>
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 3
> Date: Sat, 24 Jan 2009 09:35:19 +0000
> From: Andy Shellam <andy-lists at networkmail.eu>
> Subject: Re: [Nagios-users] nagios service flapping
> To: Rahul Nabar <rpnabar at gmail.com>
> Cc: Nagios-Users Mailinglist <nagios-users at lists.sourceforge.net>
> Message-ID: <497AE0D7.1030908 at networkmail.eu>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Rahul,
>
> Look through your Nagios logs or run an availability report on one of
> the services for the time the flapping was happening. This report will
> list what the output was at the time it went from an OK to CRITICAL (or
> WARNING) and vice versa - it should give you a pointer to the root cause.
>
> At first guess, and as you've identified the common factor to be NRPE,
> I'd be looking at the network between your Nagios machine and the NRPE
> client/s, or possibly even the NRPE service on the client/s.
>
> Andy
>
> Rahul Nabar wrote:
> > I just had a bunch of services start flapping on me. THe common
> > factor seems all of these were services monitored by nrpe.
> >
> > //////////////
> > Notifications for this service are being suppressed because it was
> > detected as having been flapping between different states (22.4%
> > change >= 20.0% threshold). When the service state stabilizes and the
> > flapping stops, notifications will be re-enabled.
> > //////////////////
> >
> > My nrpe.cfg is pristine except for
> >
> > command[check_disk_scratch]=/usr/local/nagios/libexec/check_disk -w 20
> > -c 10 -p /scratch
> >
> > What could be causing a service to start flapping. Never happened to
> > me before. ANy debug sugesstions?
> >
> > The Status for the service is correct though.
> > DISK OK - free space: /scratch 14886 MB (52% inode=98%):
> >
> > --
> > Rahul
> >
> > snippet from services.cfg
> > define service{
> > use rpn_intermediate_service
> > hostgroup_name npre-compute-nodes
> > service_description /scratch Partition on nodes
> > check_command check_nrpe!check_disk_scratch ;
> > details defined in the nrpe.conf
> > }
> > ------------------------------------------------------------------------
> >
> > ------------------------------------------------------------------------------
> > This SF.net email is sponsored by:
> > SourcForge Community
> > SourceForge wants to tell your story.
> > http://p.sf.net/sfu/sf-spreadtheword
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
>
>
>
> ------------------------------
>
> Message: 4
> Date: Sat, 24 Jan 2009 05:03:55 -0800
> From: Kevin Keane <subscription at kkeane.com>
> Subject: Re: [Nagios-users] Nagios - LDAP/RSA authentication
> Cc: nagios-users at lists.sourceforge.net
> Message-ID: <497B11BB.1030404 at kkeane.com>
> Content-Type: text/plain; charset="US-ASCII"; format="flowed"
>
> What is the setting for refresh_rate in your cgi.cfg?
>
> Mohammed Al-Kout wrote:
> > Keven,
> >
> > Yes when nagios is doing nothing it sits exactly for 10 mins i managed
> > to make it 30 mins by changing the LDAPCacheTTL parameter in
> > httpd.conf but it only gave me time upto 30 mins then started giving
> > authentication errors because it was checking against the cached
> > password.
> >
> > we are using RSA through LDAP for the majority of our services to have
> > a secure ad centralized user DB, we have a group of users with
> > different permissions thats why the default user wouldn't work in our
> > case.
> >
> > i was hoping to find the parameter that sets the 10min idle timeout
> > for the browser/nagios/ldap combo
> >
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Sat, Jan 24, 2009 at 14:53, Kevin Keane <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>> wrote:
> >
> > If the RSA password really changes every minute, your Web browser
> > should ask for a new password every minute with the next HTTP
> > request. If Nagios simply sits there and you don't do anything, I
> > believe it refreshes every five to ten minutes. So that is when
> > the browser would ask for the new password. If you are actually
> > working with it and clicking on links, then it would probably ask
> > for a password earlier.
> >
> > BTW, could you post this back to the mailing list rather than me
> > personally? Other people may have great ideas on it, too, and this
> > type of discussion should also be archived.
> >
> > What might help here is something along the lines of Kerberos, but
> > I believe Apache does not support it, at least not out of the box.
> >
> > The other possibility is to have some kind of "front end" that
> > handles authentication and then forwards the HTTP requests to
> > Nagios. In Nagios, you could then use the default-user to allow
> > access for anyone (you wouldn't be able to restrict access by
> > group or so, though).
> >
> > Personally, I think that for Nagios purposes, you should ditch RSA
> > and go back to a local password file for nagios. I suspect using
> > RSA with Nagios actually reduces rather than increases the
> > security. This is because an attacker could potentially see many
> > different passwords, and use that to deduct information about the
> > sequence of RSA keys and possibly in the end predict the next one.
> > RSA is pretty strong overall, so this is not a huge risk, but
> > something to keep in mind.
> >
> > Mohammed Al-Kout wrote:
> >
> > Keven,
> >
> > The rsa password changes every 1 min, the nagios session
> > timeouts ( i.e requires re authentication ) every 10 mins,
> > all i need is is there a way to change this value to stay
> > longer than 10 mins ? like 2-3 hours for example.
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Sat, Jan 24, 2009 at 11:57, Kevin Keane
> > <subscription at kkeane.com <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>> wrote:
> >
> > Of course you wouldn't get it with the local passwd file,
> > because
> > that password never changes. It's not the LDAP Cache
> > settings, but
> > the fact that your RSA passwords themselves are changing
> > frequently - presumably every ten minutes - as you said
> > earlier.
> >
> > Mohammed Al-Kout wrote:
> >
> > Keven,
> >
> > we didn't get the reauthenticate window when we had the
> > local
> > passwd file once we enabled ldap authentication its
> > repopping
> > at exactly 10 mins it has something to do with the LDAP
> > Cache
> > settings.
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Fri, Jan 23, 2009 at 15:32, Kevin Keane
> > <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>> wrote:
> >
> > There is no "idle timeout" when using HTTP
> > authentication,
> > because
> > there are no sessions involved that would be idle.
> >
> > Each request stands on its own, and is separately
> > authenticated.
> >
> > Mohammed Al-Kout wrote:
> >
> > What about the idle timeout ?
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Thu, Jan 22, 2009 at 09:49, Kevin Keane
> > <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com <mailto:subscription at kkeane.com>>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>>> wrote:
> >
> > No. It has nothing to do with time. The popup
> > will
> > come up
> > every
> > time the RSA password changes. So the only
> > solution
> > is to
> > reduce
> > how often the password changes.
> >
> > Mohammed Al-Kout wrote:
> >
> > Keven,
> >
> > is it possible to give the browser certain
> > parameters to
> > increase this time ? ( we are using Firefox )
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Wed, Jan 21, 2009 at 17:19, Kevin Keane
> > <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>
> >
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>>>> wrote:
> >
> > There is no such thing as a "session" in
> > Nagios. It
> > simply
> > uses plain
> > HTTP authentication. That means that
> > the user
> > name and
> > password is
> > sent
> > with every single HTTP request;
> > request are
> > not tied
> > together the way
> > you might be used to from online banking
> > sites and
> > the like.
> >
> > What you are observing could be due to a
> > couple of
> > different factors,
> > but it is almost certainly neither LDAP,
> > Apache nor
> > Nagios,
> > but rather
> > the Web browser.
> >
> > - The most likely cause: you say that
> > the RSA
> > passwords change
> > frequently. When the RSA password
> > changes, the
> > browser has
> > no way of
> > knowing that, and will continue to
> > send the old
> > password.
> > This is
> > rejected, and the browser then pops up the
> > login dialog.
> >
> > - The browser may for some reason
> > think that
> > it is
> > connecting to a
> > different server, where the user name and
> > password
> > are no
> > longer
> > valid.
> >
> > - The browser may for some reason
> > actually forget
> > the user
> > name and
> > password.
> >
> > Mohammed Al-Kout wrote:
> > > Warner,
> > >
> > > the session seems to be expiring after (
> > 10-20) and
> > nagios asks for
> > > reauthentication, ( we are using RSA
> > passwords
> > that change
> > frequently
> > > so the LDAPCAche does not apply in
> > our case
> > ) are
> > you using
> > > mod_auth_ldap ?
> > > what are the parameters you use in the
> > httpd.conf for
> > LDAP Cache
> > settings
> > >
> > > Best Regards
> > > --
> > > Mohammed Al-Kout
> > >
> > >
> > >
> > >
> > >
> > > On Wed, Jan 21, 2009 at 16:22,
> > Werner Flamme
> > <werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>>>
> > > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>>>>> wrote:
> > >
> > > Mohammed Al-Kout [21.01.2009 14:00]:
> > > > Hello,
> > > >
> > > > i'm running Nagios 3.0.1 on
> > Apache 2.0.52
> > its been
> > running
> > on a
> > > local
> > > > userfile for sometime, recently i
> > switched
> > to LDAP
> > > authentication with
> > > > mod_auth_ldap its working
> > fine, the
> > problem
> > is i'm
> > getting the
> > > > authentication popup every
> > 10-20 mins, is
> > there a
> > way to stop
> > > this or set a
> > > > longer interval ? i'm not
> > sure what
> > is causing
> > this popup to
> > > reappear (
> > > > LDAP , Apache or Nagios ) if
> > anyone
> > has an
> > idea please
> > lemme know
> > >
> > > Neither of them. We use LDAP
> > auth for
> > years, and
> > there are
> > no such
> > > popups.
> > >
> > > Regards,
> > > Werner
> > >
> >
> >
> >
> > -- Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network
> > You Never
> > Have
> > to Think About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain
> > confidential
> > and/or proprietary information. Please be advised
> > that the
> > unauthorized use or disclosure of the information is
> > strictly
> > prohibited. The information herein is intended only
> > for use
> > by the
> > intended recipient(s) named above. If you have
> > received this
> > transmission in error, please notify the sender
> > immediately and
> > permanently delete the e-mail and any copies,
> > printouts or
> > attachments thereof.
> >
> >
> >
> >
> > -- Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network You Never
> > Have
> > to Think About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain confidential
> > and/or proprietary information. Please be advised that the
> > unauthorized use or disclosure of the information is strictly
> > prohibited. The information herein is intended only for use
> > by the
> > intended recipient(s) named above. If you have received this
> > transmission in error, please notify the sender immediately and
> > permanently delete the e-mail and any copies, printouts or
> > attachments thereof.
> >
> >
> >
> >
> > --
> > Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network You Never Have
> > to Think About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain confidential
> > and/or proprietary information. Please be advised that the
> > unauthorized use or disclosure of the information is strictly
> > prohibited. The information herein is intended only for use by the
> > intended recipient(s) named above. If you have received this
> > transmission in error, please notify the sender immediately and
> > permanently delete the e-mail and any copies, printouts or
> > attachments thereof.
> >
> >
>
>
> --
> Kevin Keane
> Owner
> The NetTech
> Find the Uncommon: Expert Solutions for a Network You Never Have to Think About
>
> Office: 866-642-7116
> http://www.4nettech.com
>
> This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 24 Jan 2009 05:11:11 -0800
> From: Kevin Keane <subscription at kkeane.com>
> Subject: Re: [Nagios-users] Nagios - LDAP/RSA authentication
> Cc: nagios-users at lists.sourceforge.net
> Message-ID: <497B136F.9080609 at kkeane.com>
> Content-Type: text/plain; charset="US-ASCII"; format="flowed"
>
> Also, does your user database support Kerberos? If so, you could try to
> use apache's mod_kerb and use a Kerberos ticket instead of the changing
> RSA password for authentication. That solves the security problem I
> mentioned earlier, as well as having to retype the password all the
> time. You will need a Kerberos-enabled browser (Internet Explorer
> supports it, I believe - not sure about any of the others). Also, it
> will probably not work if there are too many firewalls around.
>
> Mohammed Al-Kout wrote:
> > Keven,
> >
> > Yes when nagios is doing nothing it sits exactly for 10 mins i managed
> > to make it 30 mins by changing the LDAPCacheTTL parameter in
> > httpd.conf but it only gave me time upto 30 mins then started giving
> > authentication errors because it was checking against the cached
> > password.
> >
> > we are using RSA through LDAP for the majority of our services to have
> > a secure ad centralized user DB, we have a group of users with
> > different permissions thats why the default user wouldn't work in our
> > case.
> >
> > i was hoping to find the parameter that sets the 10min idle timeout
> > for the browser/nagios/ldap combo
> >
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Sat, Jan 24, 2009 at 14:53, Kevin Keane <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>> wrote:
> >
> > If the RSA password really changes every minute, your Web browser
> > should ask for a new password every minute with the next HTTP
> > request. If Nagios simply sits there and you don't do anything, I
> > believe it refreshes every five to ten minutes. So that is when
> > the browser would ask for the new password. If you are actually
> > working with it and clicking on links, then it would probably ask
> > for a password earlier.
> >
> > BTW, could you post this back to the mailing list rather than me
> > personally? Other people may have great ideas on it, too, and this
> > type of discussion should also be archived.
> >
> > What might help here is something along the lines of Kerberos, but
> > I believe Apache does not support it, at least not out of the box.
> >
> > The other possibility is to have some kind of "front end" that
> > handles authentication and then forwards the HTTP requests to
> > Nagios. In Nagios, you could then use the default-user to allow
> > access for anyone (you wouldn't be able to restrict access by
> > group or so, though).
> >
> > Personally, I think that for Nagios purposes, you should ditch RSA
> > and go back to a local password file for nagios. I suspect using
> > RSA with Nagios actually reduces rather than increases the
> > security. This is because an attacker could potentially see many
> > different passwords, and use that to deduct information about the
> > sequence of RSA keys and possibly in the end predict the next one.
> > RSA is pretty strong overall, so this is not a huge risk, but
> > something to keep in mind.
> >
> > Mohammed Al-Kout wrote:
> >
> > Keven,
> >
> > The rsa password changes every 1 min, the nagios session
> > timeouts ( i.e requires re authentication ) every 10 mins,
> > all i need is is there a way to change this value to stay
> > longer than 10 mins ? like 2-3 hours for example.
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Sat, Jan 24, 2009 at 11:57, Kevin Keane
> > <subscription at kkeane.com <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>> wrote:
> >
> > Of course you wouldn't get it with the local passwd file,
> > because
> > that password never changes. It's not the LDAP Cache
> > settings, but
> > the fact that your RSA passwords themselves are changing
> > frequently - presumably every ten minutes - as you said
> > earlier.
> >
> > Mohammed Al-Kout wrote:
> >
> > Keven,
> >
> > we didn't get the reauthenticate window when we had the
> > local
> > passwd file once we enabled ldap authentication its
> > repopping
> > at exactly 10 mins it has something to do with the LDAP
> > Cache
> > settings.
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Fri, Jan 23, 2009 at 15:32, Kevin Keane
> > <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>> wrote:
> >
> > There is no "idle timeout" when using HTTP
> > authentication,
> > because
> > there are no sessions involved that would be idle.
> >
> > Each request stands on its own, and is separately
> > authenticated.
> >
> > Mohammed Al-Kout wrote:
> >
> > What about the idle timeout ?
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Thu, Jan 22, 2009 at 09:49, Kevin Keane
> > <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com <mailto:subscription at kkeane.com>>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>>> wrote:
> >
> > No. It has nothing to do with time. The popup
> > will
> > come up
> > every
> > time the RSA password changes. So the only
> > solution
> > is to
> > reduce
> > how often the password changes.
> >
> > Mohammed Al-Kout wrote:
> >
> > Keven,
> >
> > is it possible to give the browser certain
> > parameters to
> > increase this time ? ( we are using Firefox )
> >
> > Best Regards
> > --
> > Mohammed Al-Kout
> >
> >
> >
> >
> >
> > On Wed, Jan 21, 2009 at 17:19, Kevin Keane
> > <subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>
> >
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>
> > <mailto:subscription at kkeane.com
> > <mailto:subscription at kkeane.com>>>>>> wrote:
> >
> > There is no such thing as a "session" in
> > Nagios. It
> > simply
> > uses plain
> > HTTP authentication. That means that
> > the user
> > name and
> > password is
> > sent
> > with every single HTTP request;
> > request are
> > not tied
> > together the way
> > you might be used to from online banking
> > sites and
> > the like.
> >
> > What you are observing could be due to a
> > couple of
> > different factors,
> > but it is almost certainly neither LDAP,
> > Apache nor
> > Nagios,
> > but rather
> > the Web browser.
> >
> > - The most likely cause: you say that
> > the RSA
> > passwords change
> > frequently. When the RSA password
> > changes, the
> > browser has
> > no way of
> > knowing that, and will continue to
> > send the old
> > password.
> > This is
> > rejected, and the browser then pops up the
> > login dialog.
> >
> > - The browser may for some reason
> > think that
> > it is
> > connecting to a
> > different server, where the user name and
> > password
> > are no
> > longer
> > valid.
> >
> > - The browser may for some reason
> > actually forget
> > the user
> > name and
> > password.
> >
> > Mohammed Al-Kout wrote:
> > > Warner,
> > >
> > > the session seems to be expiring after (
> > 10-20) and
> > nagios asks for
> > > reauthentication, ( we are using RSA
> > passwords
> > that change
> > frequently
> > > so the LDAPCAche does not apply in
> > our case
> > ) are
> > you using
> > > mod_auth_ldap ?
> > > what are the parameters you use in the
> > httpd.conf for
> > LDAP Cache
> > settings
> > >
> > > Best Regards
> > > --
> > > Mohammed Al-Kout
> > >
> > >
> > >
> > >
> > >
> > > On Wed, Jan 21, 2009 at 16:22,
> > Werner Flamme
> > <werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>>>
> > > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de> <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>
> > <mailto:werner.flamme at ufz.de
> > <mailto:werner.flamme at ufz.de>>>>>>> wrote:
> > >
> > > Mohammed Al-Kout [21.01.2009 14:00]:
> > > > Hello,
> > > >
> > > > i'm running Nagios 3.0.1 on
> > Apache 2.0.52
> > its been
> > running
> > on a
> > > local
> > > > userfile for sometime, recently i
> > switched
> > to LDAP
> > > authentication with
> > > > mod_auth_ldap its working
> > fine, the
> > problem
> > is i'm
> > getting the
> > > > authentication popup every
> > 10-20 mins, is
> > there a
> > way to stop
> > > this or set a
> > > > longer interval ? i'm not
> > sure what
> > is causing
> > this popup to
> > > reappear (
> > > > LDAP , Apache or Nagios ) if
> > anyone
> > has an
> > idea please
> > lemme know
> > >
> > > Neither of them. We use LDAP
> > auth for
> > years, and
> > there are
> > no such
> > > popups.
> > >
> > > Regards,
> > > Werner
> > >
> >
> >
> >
> > -- Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network
> > You Never
> > Have
> > to Think About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain
> > confidential
> > and/or proprietary information. Please be advised
> > that the
> > unauthorized use or disclosure of the information is
> > strictly
> > prohibited. The information herein is intended only
> > for use
> > by the
> > intended recipient(s) named above. If you have
> > received this
> > transmission in error, please notify the sender
> > immediately and
> > permanently delete the e-mail and any copies,
> > printouts or
> > attachments thereof.
> >
> >
> >
> >
> > -- Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network You Never
> > Have
> > to Think About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain confidential
> > and/or proprietary information. Please be advised that the
> > unauthorized use or disclosure of the information is strictly
> > prohibited. The information herein is intended only for use
> > by the
> > intended recipient(s) named above. If you have received this
> > transmission in error, please notify the sender immediately and
> > permanently delete the e-mail and any copies, printouts or
> > attachments thereof.
> >
> >
> >
> >
> > --
> > Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network You Never Have
> > to Think About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain confidential
> > and/or proprietary information. Please be advised that the
> > unauthorized use or disclosure of the information is strictly
> > prohibited. The information herein is intended only for use by the
> > intended recipient(s) named above. If you have received this
> > transmission in error, please notify the sender immediately and
> > permanently delete the e-mail and any copies, printouts or
> > attachments thereof.
> >
> >
>
>
> --
> Kevin Keane
> Owner
> The NetTech
> Find the Uncommon: Expert Solutions for a Network You Never Have to Think About
>
> Office: 866-642-7116
> http://www.4nettech.com
>
> This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Sat, 24 Jan 2009 15:03:07 +0300
> From: Mohammed Al-Kout <mjkout at gmail.com>
> Subject: Re: [Nagios-users] Nagios - LDAP/RSA authentication
> To: Kevin Keane <subscription at kkeane.com>,
> nagios-users at lists.sourceforge.net
> Message-ID:
> <c780d0110901240403xf6cc918mf10099cd03028a76 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Keven,
>
> Yes when nagios is doing nothing it sits exactly for 10 mins i managed to
> make it 30 mins by changing the LDAPCacheTTL parameter in httpd.conf but it
> only gave me time upto 30 mins then started giving authentication errors
> because it was checking against the cached password.
>
> we are using RSA through LDAP for the majority of our services to have a
> secure ad centralized user DB, we have a group of users with different
> permissions thats why the default user wouldn't work in our case.
>
> i was hoping to find the parameter that sets the 10min idle timeout for the
> browser/nagios/ldap combo
>
>
> Best Regards
> --
> Mohammed Al-Kout
>
>
>
>
>
> On Sat, Jan 24, 2009 at 14:53, Kevin Keane <subscription at kkeane.com> wrote:
>
> > If the RSA password really changes every minute, your Web browser should
> > ask for a new password every minute with the next HTTP request. If Nagios
> > simply sits there and you don't do anything, I believe it refreshes every
> > five to ten minutes. So that is when the browser would ask for the new
> > password. If you are actually working with it and clicking on links, then it
> > would probably ask for a password earlier.
> >
> > BTW, could you post this back to the mailing list rather than me
> > personally? Other people may have great ideas on it, too, and this type of
> > discussion should also be archived.
> >
> > What might help here is something along the lines of Kerberos, but I
> > believe Apache does not support it, at least not out of the box.
> >
> > The other possibility is to have some kind of "front end" that handles
> > authentication and then forwards the HTTP requests to Nagios. In Nagios, you
> > could then use the default-user to allow access for anyone (you wouldn't be
> > able to restrict access by group or so, though).
> >
> > Personally, I think that for Nagios purposes, you should ditch RSA and go
> > back to a local password file for nagios. I suspect using RSA with Nagios
> > actually reduces rather than increases the security. This is because an
> > attacker could potentially see many different passwords, and use that to
> > deduct information about the sequence of RSA keys and possibly in the end
> > predict the next one. RSA is pretty strong overall, so this is not a huge
> > risk, but something to keep in mind.
> >
> > Mohammed Al-Kout wrote:
> >
> >> Keven,
> >>
> >> The rsa password changes every 1 min, the nagios session timeouts ( i.e
> >> requires re authentication ) every 10 mins, all i need is is there a way to
> >> change this value to stay longer than 10 mins ? like 2-3 hours for example.
> >>
> >> Best Regards
> >> --
> >> Mohammed Al-Kout
> >>
> >>
> >>
> >>
> >>
> >> On Sat, Jan 24, 2009 at 11:57, Kevin Keane <subscription at kkeane.com<mailto:
> >> subscription at kkeane.com>> wrote:
> >>
> >> Of course you wouldn't get it with the local passwd file, because
> >> that password never changes. It's not the LDAP Cache settings, but
> >> the fact that your RSA passwords themselves are changing
> >> frequently - presumably every ten minutes - as you said earlier.
> >>
> >> Mohammed Al-Kout wrote:
> >>
> >> Keven,
> >>
> >> we didn't get the reauthenticate window when we had the local
> >> passwd file once we enabled ldap authentication its repopping
> >> at exactly 10 mins it has something to do with the LDAP Cache
> >> settings.
> >>
> >> Best Regards
> >> --
> >> Mohammed Al-Kout
> >>
> >>
> >>
> >>
> >>
> >> On Fri, Jan 23, 2009 at 15:32, Kevin Keane
> >> <subscription at kkeane.com <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>>> wrote:
> >>
> >> There is no "idle timeout" when using HTTP authentication,
> >> because
> >> there are no sessions involved that would be idle.
> >>
> >> Each request stands on its own, and is separately
> >> authenticated.
> >>
> >> Mohammed Al-Kout wrote:
> >>
> >> What about the idle timeout ?
> >>
> >> Best Regards
> >> --
> >> Mohammed Al-Kout
> >>
> >>
> >>
> >>
> >>
> >> On Thu, Jan 22, 2009 at 09:49, Kevin Keane
> >> <subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com <mailto:subscription at kkeane.com>>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>>>> wrote:
> >>
> >> No. It has nothing to do with time. The popup will
> >> come up
> >> every
> >> time the RSA password changes. So the only solution
> >> is to
> >> reduce
> >> how often the password changes.
> >>
> >> Mohammed Al-Kout wrote:
> >>
> >> Keven,
> >>
> >> is it possible to give the browser certain
> >> parameters to
> >> increase this time ? ( we are using Firefox )
> >>
> >> Best Regards
> >> --
> >> Mohammed Al-Kout
> >>
> >>
> >>
> >>
> >>
> >> On Wed, Jan 21, 2009 at 17:19, Kevin Keane
> >> <subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com <mailto:subscription at kkeane.com>>>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>>
> >>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>
> >> <mailto:subscription at kkeane.com
> >> <mailto:subscription at kkeane.com>>>>> wrote:
> >>
> >> There is no such thing as a "session" in
> >> Nagios. It
> >> simply
> >> uses plain
> >> HTTP authentication. That means that the user
> >> name and
> >> password is
> >> sent
> >> with every single HTTP request; request are
> >> not tied
> >> together the way
> >> you might be used to from online banking
> >> sites and
> >> the like.
> >>
> >> What you are observing could be due to a
> >> couple of
> >> different factors,
> >> but it is almost certainly neither LDAP,
> >> Apache nor
> >> Nagios,
> >> but rather
> >> the Web browser.
> >>
> >> - The most likely cause: you say that the RSA
> >> passwords change
> >> frequently. When the RSA password changes, the
> >> browser has
> >> no way of
> >> knowing that, and will continue to send the old
> >> password.
> >> This is
> >> rejected, and the browser then pops up the
> >> login dialog.
> >>
> >> - The browser may for some reason think that
> >> it is
> >> connecting to a
> >> different server, where the user name and
> >> password
> >> are no
> >> longer
> >> valid.
> >>
> >> - The browser may for some reason actually forget
> >> the user
> >> name and
> >> password.
> >>
> >> Mohammed Al-Kout wrote:
> >> > Warner,
> >> >
> >> > the session seems to be expiring after (
> >> 10-20) and
> >> nagios asks for
> >> > reauthentication, ( we are using RSA passwords
> >> that change
> >> frequently
> >> > so the LDAPCAche does not apply in our case
> >> ) are
> >> you using
> >> > mod_auth_ldap ?
> >> > what are the parameters you use in the
> >> httpd.conf for
> >> LDAP Cache
> >> settings
> >> >
> >> > Best Regards
> >> > --
> >> > Mohammed Al-Kout
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > On Wed, Jan 21, 2009 at 16:22, Werner Flamme
> >> <werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>>>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>>>>
> >> > <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>
> >> <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>>> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>
> >> <mailto:werner.flamme at ufz.de <mailto:werner.flamme at ufz.de>>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>
> >> <mailto:werner.flamme at ufz.de
> >> <mailto:werner.flamme at ufz.de>>>>>> wrote:
> >> >
> >> > Mohammed Al-Kout [21.01.2009 14:00]:
> >> > > Hello,
> >> > >
> >> > > i'm running Nagios 3.0.1 on Apache 2.0.52
> >> its been
> >> running
> >> on a
> >> > local
> >> > > userfile for sometime, recently i
> >> switched
> >> to LDAP
> >> > authentication with
> >> > > mod_auth_ldap its working fine, the
> >> problem
> >> is i'm
> >> getting the
> >> > > authentication popup every 10-20 mins, is
> >> there a
> >> way to stop
> >> > this or set a
> >> > > longer interval ? i'm not sure what
> >> is causing
> >> this popup to
> >> > reappear (
> >> > > LDAP , Apache or Nagios ) if anyone
> >> has an
> >> idea please
> >> lemme know
> >> >
> >> > Neither of them. We use LDAP auth for
> >> years, and
> >> there are
> >> no such
> >> > popups.
> >> >
> >> > Regards,
> >> > Werner
> >> >
> >>
> >>
> >>
> >> -- Kevin Keane
> >> Owner
> >> The NetTech
> >> Find the Uncommon: Expert Solutions for a Network You Never
> >> Have
> >> to Think About
> >>
> >> Office: 866-642-7116
> >> http://www.4nettech.com
> >>
> >> This e-mail and attachments, if any, may contain confidential
> >> and/or proprietary information. Please be advised that the
> >> unauthorized use or disclosure of the information is strictly
> >> prohibited. The information herein is intended only for use
> >> by the
> >> intended recipient(s) named above. If you have received this
> >> transmission in error, please notify the sender immediately and
> >> permanently delete the e-mail and any copies, printouts or
> >> attachments thereof.
> >>
> >>
> >>
> >>
> >> -- Kevin Keane
> >> Owner
> >> The NetTech
> >> Find the Uncommon: Expert Solutions for a Network You Never Have
> >> to Think About
> >>
> >> Office: 866-642-7116
> >> http://www.4nettech.com
> >>
> >> This e-mail and attachments, if any, may contain confidential
> >> and/or proprietary information. Please be advised that the
> >> unauthorized use or disclosure of the information is strictly
> >> prohibited. The information herein is intended only for use by the
> >> intended recipient(s) named above. If you have received this
> >> transmission in error, please notify the sender immediately and
> >> permanently delete the e-mail and any copies, printouts or
> >> attachments thereof.
> >>
> >>
> >>
> >
> > --
> > Kevin Keane
> > Owner
> > The NetTech
> > Find the Uncommon: Expert Solutions for a Network You Never Have to Think
> > About
> >
> > Office: 866-642-7116
> > http://www.4nettech.com
> >
> > This e-mail and attachments, if any, may contain confidential and/or
> > proprietary information. Please be advised that the unauthorized use or
> > disclosure of the information is strictly prohibited. The information herein
> > is intended only for use by the intended recipient(s) named above. If you
> > have received this transmission in error, please notify the sender
> > immediately and permanently delete the e-mail and any copies, printouts or
> > attachments thereof.
> >
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
>
> ------------------------------
>
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
>
>
> End of Nagios-users Digest, Vol 32, Issue 24
> ********************************************
--
Sincerely,
Owen LaGarde
Senior Systems Administrator
Owen.M.LaGarde at usace.army.mil
1-800-522-6937 x4879
Engineering Research and Development Center
attn: CEERD-IH-C (Owen LaGarde)
3909 Halls Ferry Road
Vicksburg, MS 39180-6199
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://www.monitoring-lists.org/archive/users/attachments/20090128/8f52ddbf/attachment.sig>
-------------- next part --------------
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list