n00b trying to set up on freebsd

Kurt Buff kurt.buff at gmail.com
Mon Jan 25 22:40:20 CET 2010


On Mon, Jan 25, 2010 at 13:08, Scott Lambert <lambert at lambertfam.org> wrote:
> On Mon, Jan 25, 2010 at 11:51:51AM -0800, Kurt Buff wrote:
>> On Fri, Jan 22, 2010 at 20:03, Scott Lambert <lambert at lambertfam.org> wrote:
>> > On Fri, Jan 22, 2010 at 04:19:58PM -0800, Kurt Buff wrote:
>> >> Forgot to mention: When I get the directory listing, there is no auth
>> >> taking place - I don't get asked for a username or password.
>> >
>> > You don't get asked for a password due to the Allow of your IP address.
>> >
>> > What does the directory list?  Is there an index.something file?
>> >
>> > If so, you probably don't have the index.something listed in your
>> > DirectoryIndexes statement.  You may need to install PHP and configure
>> > Apache to use it.
>>
>> Once more into the breach...
>>
>> I've got the php issue solved, so the site is showing up just fine.
>>
>> Using lynx on localhost, I get prompted for a login to nagios and get
>> to the home page and subsidiary pages just fine, but from FF on a
>> remote box I get no login prompt, and the home page just comes up, and
>> it shows as me being logged in as nagiosadmin for any of the pages I
>> then select. While this works, it's a bit insecure.
>>
>> I'd like to set it up so that 1) we get prompted for login and 2) only
>> logins from authorized subnets are allowed, though if I can only have
>> one, I'll take a login prompt. Below is the snippet of httpd.conf for
>> nagios. I was terribly unsuccessful trying to 'Deny from all' and then
>> specify, for instance, 'Allow from 192.168.24.0/24'.
>
> You don't have any access allow based on IP.  That makes me think that
> you probably haven't exitted Firefox since you logged in as nagiosadmin
> while testing.  With HTTP Basic Authentication, there is no "Log Out"
> there is only, "forget you know the password" for the web browser.
> Firefox remembers the username and password until you exit and launch it
> again.
>
> You may also need to check to see if Firefox has memorized the username
> and password in it's master authentication database.  That will persist
> across restarts.
>
> --
> Scott Lambert                    KC5MLE                       Unix SysAdmin
> lambert at lambertfam.org

So, yes, restarting FF on my box does then cause the auth prompt.
However, if I change httpd.conf to the following, I still get the auth
prompt, but then get denied for anything but the home page - I've also
verified with IE, which I don't much use any more. And, just for
completeness, the nagios installation is at 192.168.8.20/24

----------end httpd.conf snippet----------
ScriptAlias /nagios/cgi-bin /usr/local/www/nagios/cgi-bin/
Alias /nagios /usr/local/www/nagios/

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

<Directory "/usr/local/www/nagios">
  Options None
  AllowOverride None
  Order deny,allow
#  Allow from all
  Deny from all
  Allow from 127.0.0.1
  Allow from 192.168.8.0/24
  Allow from 192.168.24.0/24
  AuthName "Nagios Access"
  AuthType Basic
  AuthUserFile /usr/local/etc/nagios/htpasswd.users
  Require valid-user
  php_flag engine on
  php_admin_value open_basedir /usr/local/www/nagios/:/var/spool/nagios/
</Directory>

<Directory "/usr/local/www/nagios/cgi-bin">
  Options ExecCGI
  AllowOverride None
  Order allow,deny
#  Allow from all
  Deny from all
  Allow from 127.0.0.1
  Allow from 192.168.8.0/24
  Allow from 192.168.24.0/24
  AuthName "Nagios Access"
  AuthType Basic
  AuthUserFile /usr/local/etc/nagios/htpasswd.users
  Require valid-user
</Directory>
----------end httpd.conf snippet----------

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list