[Nagios-users] Re: How to Loggout?
Andreas Ericsson
ae at op5.se
Fri Jun 4 15:50:55 CEST 2004
Leonardo Henrique Machado wrote:
> Devel Team,
>
> are you all thinking about a solutinon to this problema?
>
I can't imagine they are.
> I realy think it's a very important feature that nagios lacks. Why cannot
> Nagios handle the autentication by it self?
>
Because handling authentication properly is a non-trivial task, which
really isn't nagios's job.
Besides, apache is very good at it, and not many users have requested
the feature. If you want to log out, close the browser.
If it's really _REALLY_ important that you're logged in as different
users simultaneously (although I cannot for the world of me think of a
reason why you'd want that unless you're already hacking at the cgi's),
you can always hire a consultant to rewrite the GUI for you, or do it
yourself.
> We could also have an admin interface to let the contacts change their
> passwords.
This is trivial to implement with the current authentication system and
some moderately clever PHP/Perl/shell/C/whatever code.
> I don't think that the it would be a security hole
Not so long as proper whitelists ( [A-Za-z0-9] ) are applied, if
htpasswd is to be called.
> (.htaccess is also very unsafe).
>
Only if misconfigured, in which case anything is very unsafe.
> I hope it could be in Nagios 2.0.
>
It probably will be available when the CGI's have been rewritten in PHP,
which won't happen any time soon, if you are to believe www.nagios.org.
--
Andreas Ericsson
OP5 AB
+46 (0)733 709032
andreas.ericsson at op5.se
-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
More information about the Developers
mailing list