Web authentication via Radius
Subhendu Ghosh
sghosh at sghosh.org
Thu Aug 25 00:31:42 CEST 2005
On Wed, 24 Aug 2005, Tony wrote:
> We have a radius server that is used to authenticate staff logging onto our
> routers and switches, Id like to be able to use the radius server to
> authenticate staff logging into the Nagios web interface also.
>
> Ive been able to install the mod_auth_xradius module on our Nagios server
> and can get authentication working via the radius server without any
> problems, however any users I want to be able to access and view the Nagios
> pages needs to be added to the cgi.cfg file in all the relevant places.
>
> What would be good is not to have to add these usernames to the cgi.cfg file
> which means any new users that are added to the radius users database
> doesnt also have to be added to the cgi.cfg file.
>
>
>
> So is there a way to just let Nagios give full access to all web functions
> as long as they pass the web authentication first without having to add the
> usernames into the cgi.cfg file?
>
> All users would be admin users anyway so they would not need to be limited
> to certain functions.
>
>
>
> I know we can give one login username/password to everyone but Id like to
> be able to see who is logging in and keep track of what they are doing and
> with one generic username/password that would be hard to do.
>
>
>
use wildcard in cgi.cfg - for all the authorized_for* entries put in "*".
This lets any user authenticated to the web server see/do stuff.
The ones of particular interest are:
authorized_for_all_services=*
authorized_for_all_hosts=*
This way they can see hosts and services for which they are not a contact.
--
-sg
More information about the Users
mailing list