check_http with authentication

Andreas Ericsson ae at op5.se
Mon Nov 1 14:23:08 CET 2004

Previous message: check_http with authentication
Next message: check_http with authentication
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pete Dewell wrote:
> Hi,
> 
> I'm trying to set up a check_http command with authentication on an IIS 
> server that requires the NT domain to be entered as part of the 
> authentication.
> 
> The command I am using is :-
> 
> check_http 10.1.1.1 -a NTdomain\user:password
> 
> I can't seem to get this to authenticate via Nagios (always returns 
> 401), although it works fine in Firefox/Netscape/Mozilla browsers. I've 
> tried escaping the \, quotes, and a few other things, to no avail.
> 

I assume it works nicely on any browser running on Windows. The NT 
Domain thing logon is an MS speciality. If I've understood this 
correctly, the web-server connects back to the client requesting a 
login. The client then provides a username and a hash of the password, 
along with machine name and some other stuff. Not only is this very 
insecure (taking into account the incredibly weak hashing schemes of MS 
os'es), but it requires the client to act as a server in the second 
exchange as well, with all the added risks that brings.

> Has anybody managed to do this before, or is the only way to get this to 
> work to use a "-e 401" option on the command, and expect a "not 
> authorised" message?
> 

I imagine you can use samba and tweak it up a little (although I'm not 
sure it's even possible to set its restrictions to the incredibly flimsy 
ones default in most MS installations) or simply hack your way around it 
using a tcpdump dump file and set up a daemon to spew out a hardcoded 
valid response when the web-server asks for it.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer

-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: check_http with authentication
Next message: check_http with authentication
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list