[Nagios-users] Re: How to Loggout?
local.coder
code at novageeks.org
Fri Jun 4 15:49:08 CEST 2004
This I have to strongly disagree with. A logout page is something that can be
done by you as there are numerous apache docs on user logout.
However letting the web server do the auth is the best way to accomplish that
task. We use Nagios as part of an overall Noc Website that includes docs and
other infromation. We integrate the nagios status screens and urls inside that
site and use one login across the whole site. Since nagios reads the
authenticated user I don't have to configure two seperate authentication
systems. On top of that we are now moving to apache with an LDAP back end
authentication. There are several different apache modules for authenticating
anyone anywhere anyway you want and to bring that burden on Nagios I think
would be a mistake.
just my .02
Derrick
Quoting Leonardo Henrique Machado <leoh at dcc.ufmg.br>:
>
> Devel Team,
>
> are you all thinking about a solutinon to this problema?
>
> I realy think it's a very important feature that nagios lacks. Why cannot
> Nagios handle the autentication by it self?
>
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole (.htaccess
> is also very unsafe).
>
> I hope it could be in Nagios 2.0.
>
>
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
>
> > Jason Martin writes:
> >
> > > It is actually a problem with the HTTP Spec
> >
> > Not really. The spec provides a simple means of authenticating yourself.
> > In many cases it is reasonable to assume that you will want to keep on
> > authenticating yourself. In some situations you need to be able to logout,
> > and then it is up to the website to use a different means of
> authentication.
> >
> > Yahoo, Hotmail and many other sites all use a different means of
> > authentication so people can logout, because these are services that are
> > often accessed from internet cafes or library internet terminals. Most
> > people who use Nagios have little need to be able to logout, so it was
> > reasonable for Ethan to use the HTTP authentiaction mechanism.
> >
> > > once a password is provided for a security realm, there isn't a way to
> > > get the server to 'forget' it.
> >
> > It is the browser that remembers the credentials, not the server. You
> > may be able to fiddle it with a sub-directory which has a .htaccess
> > defining the same realm but pointing to an empty password file. Going
> > to a page there may cause the browser to put up another login box, which
> > will fail, then the password is forgotten. Clumsy, but not as clumsy as
> > restarting your browser.
> >
> > --
> > Paul Allen
> > Softflare Support
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by the new InstallShield X.
> > >From Windows to Linux, servers to mobile, InstallShield X is the one
> > installation-authoring solution that does it all. Learn more and
> > evaluate today! http://www.installshield.com/Dev2Dev/0504
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
> --
> Leonardo Henrique Machado
> Último Período em Ciência da Computacao
> Universidade Federal de Minas Gerais
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
> installation-authoring solution that does it all. Learn more and
> evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
>
-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
More information about the Developers
mailing list