[Nagios-users] Re: How to Loggout?
Cook, Garry
GWCOOK at mactec.com
Fri Jun 4 16:26:03 CEST 2004
Someone has already written a .cgi to allow users to change their
passwords. I used it in an earlier version of NetSaint, but did not
carry it over to my Nagios install last year. So, I don't have much more
information for you, other than the fact that it was out there at one
time. It may be that it can be located in the Add-Ons section of the
Nagios web site. If not, you might find it by searching the archives.
Good luck.
Garry W. Cook, CCNA
Network Infrastructure Manager
MACTEC, Inc. - http://www.mactec.com/
303.308.6228 (Office) - 720.220.1862 (Mobile)
nagios-devel-admin at lists.sourceforge.net wrote:
> Devel Team,
>
> are you all thinking about a solutinon to this problema?
>
> I realy think it's a very important feature that nagios
> lacks. Why cannot
> Nagios handle the autentication by it self?
>
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole
> (.htaccess is also very unsafe).
>
> I hope it could be in Nagios 2.0.
>
>
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
>
>> Jason Martin writes:
>>
>>> It is actually a problem with the HTTP Spec
>>
>> Not really. The spec provides a simple means of authenticating
>> yourself. In many cases it is reasonable to assume that you will
>> want to keep on authenticating yourself. In some situations you
>> need to be able to logout, and then it is up to the website to use a
>> different means of authentication.
>>
>> Yahoo, Hotmail and many other sites all use a different means of
>> authentication so people can logout, because these are services that
>> are often accessed from internet cafes or library internet
>> terminals. Most people who use Nagios have little need to be able
>> to logout, so it was reasonable for Ethan to use the HTTP
>> authentiaction mechanism.
>>
>>> once a password is provided for a security realm, there isn't a way
>>> to get the server to 'forget' it.
>>
>> It is the browser that remembers the credentials, not the server.
>> You may be able to fiddle it with a sub-directory which has a
>> .htaccess defining the same realm but pointing to an empty password
>> file. Going to a page there may cause the browser to put up another
>> login box, which will fail, then the password is forgotten. Clumsy,
>> but not as clumsy as restarting your browser.
>>
>> --
>> Paul Allen
>> Softflare Support
-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
>From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
More information about the Developers
mailing list