Nagios patch - x509 cert authentication

Pawel Zuzelski pzz at touk.pl
Tue Jul 22 16:24:22 CEST 2008


On Tuesday 22 of July 2008 16:03:39 Jim Perrin wrote:
> On Tue, Jul 22, 2008 at 9:59 AM, Pawel Zuzelski <pzz at touk.pl> wrote:
> > Hi all,
> >
> > I have patched nagios cgi to enable certificate based authentication.
> >
> > In order to enable SSL authentication one have to set:
> > use_ssl_authentication = 1
> > in cgi.cfg config file, so this patch does not affect default behavior of
> > nagios.
>
> Excellent! One question though. How is this different from using SSL
> certificate authentication via mod_ssl with FakeBasicAuth?

Most important differences are
 * nagios admin does not have to add new users to htpasswd file (or some sort 
of authn database).
 * user's id is commonName (which may be his real name), not DN.

Paweł Zuzelski

-- 
TouK sp. z o.o. s.k.a.       tel: +48664282776, +48225761854, jid:pzz at touk.pl
SSL root cert: http://cert.touk.pl/
SHA1 fingerprint: 4A:AC:7F:DA:54:B0:89:AE:D9:CD:B1:5E:95:88:BD:FD:B4:5E:1F:92
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1290 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20080722/4f9ec660/attachment.bin>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel


More information about the Developers mailing list