Deferring user authentication to the server *and* using server defined usernames?

[Owen LaGarde]

I've seen reference to using the SSL certificate authentication
performed by httpd to drive Nagios user identification -- the LCG wiki
at https://twiki.cern.ch/twiki/bin/view/LCG/GridMonitoringNagiosInstall
mentions a form of this.  I'd like to go a step further and use one of
the environment variables (specifically SSL_CLIENT_S_DN_CN) defined by
mod_ssl to specify the user name.  This is primarily driven by a number
of issues -- well outside the scope of this list -- springing from the
DoD's use of this certificate component.  The basic idea is to set an
environment variable, say, USERNAME, to SSL_CLIENT_S_DN_CN when mod_ssl
builds the session, and have Nagios honor it as trusted and assign
roles/capabilities to it in the usual places.  As an example see Numara
Footprints' use of $USERNAME, which it expects mod_ssl to populate when
the auth method is "external".  Does anyone else do this?


-- 
Sincerely,

    Owen LaGarde
    Senior Systems Administrator
    Owen.M.LaGarde at erdc.usace.army.mil
    1-800-522-6937 x4879

Engineering Research and Development Center
attn: CEERD-IH-C (Owen LaGarde)
3909 Halls Ferry Road
Vicksburg, MS 39180-6199
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080523/20673567/attachment.sig>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null