CGI Authoristaion problem (and yes I have read the FAQ)

deny deny at monaco.net
Thu Dec 11 16:52:19 CET 2003


Patrick Ouellet wrote:
> I have a simmilar problem.
> 
> When I try to access the CGIs I am asked for a
> user/pass but anything I enter get refused and
> the prompt come back until I hit cancel,
> then I get authorization required page. (401)
> 
hi
i find that in this doc that resolve my problem
http://www.onlamp.com/pub/a/onlamp/2002/09/26/nagios.html?page=3



This configuration creates a Web alias '/nagios/cgi-bin/' and directs it 
to the cgi scripts in your Nagios 'sbin' directory. Assuming your main 
Web site is set up at http://127.0.0.1, you will be able to access the 
Nagios Web interface at http://127.0.0.1/nagios/ . At this point, the 
Nagios Web interface should come up properly, but you will notice that 
you cannot access any of the pages. You will get an error message that 
looks like the following.

     It appears as though you do not have permission to view information 
for any of the hosts you requested... If you believe this is an error, 
check the HTTP server authentication requirements for accessing this CGI 
and check the authorization options in your CGI configuration file.

This is a security precaution that is designed to only allow authorized 
people to be able to access the monitoring interface. The authentication 
is handled by your Web server using Basic HTTP Authentication (i.e. 
.htaccess). Nagios then uses the credentials for the user who has logged 
in and matches it with the contacts.cfg contact_name entries to 
determine which sections of the Web interface the current user can access.

Configuring .htaccess based authentication is easy provided that your 
Web server is already configured to use it. Please refer to the 
documentation for your Web server if it's not configured. We will assume 
that our Apache server is configured to look at the .htaccess file and 
apply the directives found in it.

First, create a file called .htaccess in the /usr/local/nagios/sbin 
directory. If you would like to lock up your Nagios Web interface 
completely, you can also put a copy of the same file in the 
/usr/local/nagios/share directory.

Put the following in this .htaccess file.

AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user

When you're adding your first user, the password file that .htaccess 
refers to will not be present. You need to run the 'htpasswd' command 
with the -c option to create the file.

htpasswd -c /usr/local/nagios/etc/htpasswd.users oktay
New password: ******
Re-type new password: ******
Adding password for user oktay

For the rest of your users, use the 'htpasswd' command without the '-c' 
option so as not to overwrite the existing one. After you add all of 
your users, you can go back to the Web interface which will now pop up 
an authentication dialog. Upon successful authentication, you can start 
using the Web interface. I will not go into detail about using the Web 
interface since it's pretty self explanatory. Notice that your users 
will only be able to access information for servers that they are 
associated with in the Nagios configuration files. Also, some sections 
of the Web interface will be disabled for everyone by default. If you 
would like to enable those, take a look at 'etc/cgi.cfg'. For instance, 
in order to allow the user 'oktay' to access the 'Process Info' section, 
uncomment the 'authorized_for_system_information' line and add 'oktay' 
to the list of names delimited by commas.

-- 
http://www.linux-pour-lesnuls.com



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list