CGI Authoristaion problem (and yes I have read the FAQ)
deny
deny at monaco.net
Thu Dec 11 16:52:19 CET 2003
Patrick Ouellet wrote:
> I have a simmilar problem.
>
> When I try to access the CGIs I am asked for a
> user/pass but anything I enter get refused and
> the prompt come back until I hit cancel,
> then I get authorization required page. (401)
>
hi
i find that in this doc that resolve my problem
http://www.onlamp.com/pub/a/onlamp/2002/09/26/nagios.html?page=3
This configuration creates a Web alias '/nagios/cgi-bin/' and directs it
to the cgi scripts in your Nagios 'sbin' directory. Assuming your main
Web site is set up at http://127.0.0.1, you will be able to access the
Nagios Web interface at http://127.0.0.1/nagios/ . At this point, the
Nagios Web interface should come up properly, but you will notice that
you cannot access any of the pages. You will get an error message that
looks like the following.
It appears as though you do not have permission to view information
for any of the hosts you requested... If you believe this is an error,
check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.
This is a security precaution that is designed to only allow authorized
people to be able to access the monitoring interface. The authentication
is handled by your Web server using Basic HTTP Authentication (i.e.
.htaccess). Nagios then uses the credentials for the user who has logged
in and matches it with the contacts.cfg contact_name entries to
determine which sections of the Web interface the current user can access.
Configuring .htaccess based authentication is easy provided that your
Web server is already configured to use it. Please refer to the
documentation for your Web server if it's not configured. We will assume
that our Apache server is configured to look at the .htaccess file and
apply the directives found in it.
First, create a file called .htaccess in the /usr/local/nagios/sbin
directory. If you would like to lock up your Nagios Web interface
completely, you can also put a copy of the same file in the
/usr/local/nagios/share directory.
Put the following in this .htaccess file.
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user
When you're adding your first user, the password file that .htaccess
refers to will not be present. You need to run the 'htpasswd' command
with the -c option to create the file.
htpasswd -c /usr/local/nagios/etc/htpasswd.users oktay
New password: ******
Re-type new password: ******
Adding password for user oktay
For the rest of your users, use the 'htpasswd' command without the '-c'
option so as not to overwrite the existing one. After you add all of
your users, you can go back to the Web interface which will now pop up
an authentication dialog. Upon successful authentication, you can start
using the Web interface. I will not go into detail about using the Web
interface since it's pretty self explanatory. Notice that your users
will only be able to access information for servers that they are
associated with in the Nagios configuration files. Also, some sections
of the Web interface will be disabled for everyone by default. If you
would like to enable those, take a look at 'etc/cgi.cfg'. For instance,
in order to allow the user 'oktay' to access the 'Process Info' section,
uncomment the 'authorized_for_system_information' line and add 'oktay'
to the list of names delimited by commas.
--
http://www.linux-pour-lesnuls.com
-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive? Does it
help you create better code? SHARE THE LOVE, and help us help
YOU! Click Here: http://sourceforge.net/donate/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list