n00b trying to set up on freebsd

Marc Powell marc at ena.com
Mon Jan 25 23:16:26 CET 2010
Previous message: n00b trying to set up on freebsd
Next message: n00b trying to set up on freebsd
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Jan 25, 2010, at 3:40 PM, Kurt Buff wrote:

> On Mon, Jan 25, 2010 at 13:08, Scott Lambert <lambert at lambertfam.org> wrote:
>> On Mon, Jan 25, 2010 at 11:51:51AM -0800, Kurt Buff wrote:
>>> On Fri, Jan 22, 2010 at 20:03, Scott Lambert <lambert at lambertfam.org> wrote:
>>>> On Fri, Jan 22, 2010 at 04:19:58PM -0800, Kurt Buff wrote:
>>>>> Forgot to mention: When I get the directory listing, there is no auth
>>>>> taking place - I don't get asked for a username or password.
>>>> 
>>>> You don't get asked for a password due to the Allow of your IP address.
>>>> 
>>>> What does the directory list?  Is there an index.something file?
>>>> 
>>>> If so, you probably don't have the index.something listed in your
>>>> DirectoryIndexes statement.  You may need to install PHP and configure
>>>> Apache to use it.
>>> 
>>> Once more into the breach...
>>> 
>>> I've got the php issue solved, so the site is showing up just fine.
>>> 
>>> Using lynx on localhost, I get prompted for a login to nagios and get
>>> to the home page and subsidiary pages just fine, but from FF on a
>>> remote box I get no login prompt, and the home page just comes up, and
>>> it shows as me being logged in as nagiosadmin for any of the pages I
>>> then select. While this works, it's a bit insecure.
>>> 
>>> I'd like to set it up so that 1) we get prompted for login and 2) only
>>> logins from authorized subnets are allowed, though if I can only have
>>> one, I'll take a login prompt. Below is the snippet of httpd.conf for
>>> nagios. I was terribly unsuccessful trying to 'Deny from all' and then
>>> specify, for instance, 'Allow from 192.168.24.0/24'.
>> 
>> You don't have any access allow based on IP.  That makes me think that
>> you probably haven't exitted Firefox since you logged in as nagiosadmin
>> while testing.  With HTTP Basic Authentication, there is no "Log Out"
>> there is only, "forget you know the password" for the web browser.
>> Firefox remembers the username and password until you exit and launch it
>> again.
>> 
>> You may also need to check to see if Firefox has memorized the username
>> and password in it's master authentication database.  That will persist
>> across restarts.
>> 
>> --
>> Scott Lambert                    KC5MLE                       Unix SysAdmin
>> lambert at lambertfam.org
> 
> So, yes, restarting FF on my box does then cause the auth prompt.
> However, if I change httpd.conf to the following, I still get the auth
> prompt, but then get denied for anything but the home page -

What version of apache and what does error_log have to say about it?

/usr/local/www/nagios/cgi-bin is the physical directory on your server that contains the *.cgi files?

> <Directory "/usr/local/www/nagios/cgi-bin">
>  Options ExecCGI
>  AllowOverride None
>  Order allow,deny

You didn't change the Order directive here.

> #  Allow from all
>  Deny from all
>  Allow from 127.0.0.1
>  Allow from 192.168.8.0/24
>  Allow from 192.168.24.0/24
>  AuthName "Nagios Access"
>  AuthType Basic
>  AuthUserFile /usr/local/etc/nagios/htpasswd.users
>  Require valid-user
> </Directory>

I've just successfully tested with the following config for the cgi directory. I was blocked if I came from anywhere besides 172.27.2.0/24 and I was prompted for username/password if I did. I've left everything intact as I tested it --

<Directory /usr/local/nagios/sbin>
 Options ExecCGI
 AllowOverride None
 Order deny,allow
 Deny from all
 Allow from 172.27.2.0/24
 AuthName "Nagios Access"
 AuthType Basic
 AuthUserFile /usr/local/nagios/etc/htpasswd.users
 Require valid-user
</Directory>

Things you need to change should only be -
	<Directory [/path/to/cgi's]>
	Allow from [your block] (multiple Allow from's...)
	AuthUserFile [/path/to/htpasswd.users]

Once you've got this part working correctly, verify that you have 'use_authentication=1' in cgi.cfg.

--
Marc



------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: n00b trying to set up on freebsd
Next message: n00b trying to set up on freebsd
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list