[Nagios-users] Re: How to Loggout?

Cook, Garry GWCOOK at mactec.com
Fri Jun 4 16:26:03 CEST 2004


Someone has already written a .cgi to allow users to change their
passwords. I used it in an earlier version of NetSaint, but did not
carry it over to my Nagios install last year. So, I don't have much more
information for you, other than the fact that it was out there at one
time. It may be that it can be located in the Add-Ons section of the
Nagios web site. If not, you might find it by searching the archives.
Good luck.

Garry W. Cook, CCNA
Network Infrastructure Manager
MACTEC, Inc. - http://www.mactec.com/
303.308.6228 (Office) - 720.220.1862 (Mobile)

nagios-devel-admin at lists.sourceforge.net wrote:
> Devel Team,
> 
> are you all thinking about a solutinon to this problema?
> 
> I realy think it's a very important feature that nagios
> lacks. Why cannot
> Nagios handle the autentication by it self?
> 
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole
> (.htaccess is also very unsafe).
> 
> I hope it could be in Nagios 2.0.
> 
> 
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
> 
>> Jason Martin writes:
>> 
>>> It is actually a problem with the HTTP Spec
>> 
>> Not really.  The spec provides a simple means of authenticating
>> yourself. In many cases it is reasonable to assume that you will
>> want to keep on authenticating yourself.  In some situations you
>> need to be able to logout, and then it is up to the website to use a
>> different means of authentication. 
>> 
>> Yahoo, Hotmail and many other sites all use a different means of
>> authentication so people can logout, because these are services that
>> are often accessed from internet cafes or library internet
>> terminals.  Most people who use Nagios have little need to be able
>> to logout, so it was reasonable for Ethan to use the HTTP
>> authentiaction mechanism. 
>> 
>>> once a password is provided for a security realm, there isn't a way
>>> to get the server to 'forget' it.
>> 
>> It is the browser that remembers the credentials, not the server. 
>> You may be able to fiddle it with a sub-directory which has a
>> .htaccess defining the same realm but pointing to an empty password
>> file.  Going to a page there may cause the browser to put up another
>> login box, which will fail, then the password is forgotten.  Clumsy,
>> but not as clumsy as restarting your browser. 
>> 
>> --
>> Paul Allen
>> Softflare Support


-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504




More information about the Developers mailing list