<div dir="ltr"><div class="gmail_quote">On Tue, Sep 23, 2008 at 13:13, stan <span dir="ltr"><<a href="mailto:stanb@panix.com">stanb@panix.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"> I am trying to get a Nagios installation in production. I have most of the<br> first phase of it working as desired, but the final hurdle to getting it<br> actually used is setting up authentication for the users.<br> <br> Now, in a perfect world, I would as soon not have authentication turned on,<br> but the contractor i have doing the work tells me that Nagios will not work<br> without this. I have a mail machine that all of my users do have accounts<br> on, and I would like to use it as an NIS master to allow the users to<br> re-use their existing credentials to access Nagios, and nagvis.<br> <br> Has anyone gotten this working? Any tips? We seem to be struggling to get<br> this working. At present the machine running Nagios will allow users to log<br> in to it using their NIS credentials, but we are struggling to get Apache to<br> understand how to check NIS for this.</blockquote><div><br></div><div>We have Nagios authenticating through our LDAP, except that the CGI needs to have wildcards in its various redundant authorizations so that anyone in the right LDAP groups who can get through the LDAP isn't then stopped by the guy who forgot to configure Nagios to let it through (human error, restarting nagios as well).</div> <div><br></div><div>Your NIS would be a similar condition: wildcard ACLs in the CGI.</div><div><br></div><div>Is there compatibility between <a href="http://httpd.apache.org/docs/2.2/mod/mod_authn_dbm.html">http://httpd.apache.org/docs/2.2/mod/mod_authn_dbm.html</a> and an NIS Secondary/Slave? An NIS Secondary would have full maps transferred, and I thought those were hashed files as transferred as well. Alternatively, extract the original text maps as .htpasswd/.htgroup files and winch them over to Apache. Yeah, low-tech, not so classy, and you've probably already considered it.</div> <div><br></div><div>Allan</div><div>-- </div></div><a href="mailto:allanc@chickenandporn.com">allanc@chickenandporn.com</a> "金鱼" <a href="http://linkedin.com/in/goldfish">http://linkedin.com/in/goldfish</a><br>please, no proprietary attachments (<a href="http://tinyurl.com/cbgq">http://tinyurl.com/cbgq</a>)<br> </div>