Login/Authentication doesn't work

Tom Welsh twelsh at square-box.com
Tue Jan 21 01:08:39 CET 2003
Previous message: Login/Authentication doesn't work
Next message: Plugin docs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Scott, 

Here is a cutting from my httpd.conf file 

---------------------<SNIP>------------------------------------
## Script aliases for Nagios scrip aliases. they live 
## in /usr/local/nagios/sbin/

NameVirtualHost 26.23.45.76:80
<VirtualHost 26.23.45.76:80>
ServerAdmin webmaster at yourdomain.com
DocumentRoot /usr/local/nagios/share
ServerName yourhost.yourdomain.com
ServerAlias monitoring.square-box.com
ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin/">
	AllowOverride AuthConfig
	Options ExecCGI
	Order allow,deny
	Allow from all
</Directory>

## Setup alias for /nagios/ to point to 
## /usr/local/nagios/share/ 

Alias /nagios/ /usr/local/nagios/share/
<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

##########################################################
#
# Webserver authentication for
# /usr/local/nagios/sbin  Nagios cgi scripts
# /usr/local/nagios/share Nagios HTML pages
#
##########################################################

<Directory /usr/local/nagios/sbin>
AllowOverride AuthConfig
order allow,deny
allow from all
Options ExecCGI
</Directory>

<Directory /usr/local/nagios/share>
AllowOverride AuthConfig
order allow,deny
allow from all
</Directory>
 
</VirtualHost>

--------------------------<SNIP>-----------------------------------

Then create a .htaccess file in your...

/usr/local/nagios/sbin
/usr/local/nagios/share

The apache .htaccess file is used to store information that tells the
Apache server valid authentication information is required before access
to a resource will be allowed.

A .htaccess file must be placed in each directory you wish to have
protected

The example below was taken from the Nagios® Configuration Documents
----------------<SNIP>--------------------------------
AuthName "Nagios Access" 
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
require valid-user
----------------<SNIP>--------------------------------


AuthName - the realm name displayed in the Site login authentication
dialogue. i.e squareBOX

AuthType - is the authentication type required. Basic, Digest, Database

AuthUserFile - The path to your username password file

require valid-user - The key directive that throws password checking
into action. Valid-user accepts any users that are found in the password
file defined by AuthUserFile


Take a look at my nagios configuration site at
http://demo.square-box.com  there is a section on configuring apache and
the various authentication types you can use.

The configs on that site were used to create
http://nagios.square-box.com our demo nagios site. Login / Password =
guest

Hope this helps

Tom Welsh
twelsh at square-box.com


-----Original Message-----
From: nagios-users-admin at lists.sourceforge.net
[mailto:nagios-users-admin at lists.sourceforge.net] On Behalf Of Scott
Rich
Sent: 20 January 2003 23:31
To: nagios-users at lists.sourceforge.net
Subject: [Nagios-users] Login/Authentication doesn't work

No matter what I try and how many times I have gone through the limited
documentation, I can't seem to get authorization to work.  And my name
is not DAVE!

Below is an excerpt from my httpd.conf file and cgi.cfg file.  I have
Apache configured for port 8000.

httpd.conf
. . .
#
# AllowOverride controls what directives may be placed in .htaccess
files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None

#
# AccessFileName: The name of the file to look for in each directory
# for access control information.  See also the AllowOverride
directive.
#
AccessFileName .htaccess

#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the
client.
# The same rules about trailing "/" apply to ScriptAlias directives as
to
# Alias.
#
#ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
ScriptAlias /cgi-bin/nagios/ "/home/apps/nagios/sbin/"

<IfModule mod_cgid.c>
#
# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
# for setting UNIX socket for communicating with cgid.
#
#Scriptsock            logs/cgisock
</IfModule>

#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#<Directory "/var/www/cgi-bin">
#    AllowOverride None
#    Options None
#    Order allow,deny
#    Allow from all
#</Directory>
<Directory "/home/apps/nagios/sbin/">
    AllowOverride AuthConfig
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /nagios /home/apps/nagios/share

<Directory "/home/apps/nagios/share">
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>


..cgi.cfg...

# AUTHENTICATION USAGE
# This option controls whether or not the CGIs will use any 
# authentication when displaying host and service information, as
# well as committing commands to Nagios for processing.  
#
# Read the HTML documentation to learn how the authorization works!
#
# NOTE: It is a really *bad* idea to disable authorization, unless
# you plan on removing the command CGI (cmd.cgi)!  Failure to do
# so will leave you wide open to kiddies messing with Nagios and
# possibly hitting you with a denial of service attack by filling up
# your drive by continuously writing to your command file!
#
# Setting this value to 0 will cause the CGIs to *not* use
# authentication (bad idea), while any other value will make them
# use the authentication functions (the default).

use_authentication=1



# DEFAULT USER
# Setting this variable will define a default user name that can
# access pages without authentication.  This allows people within a
# secure domain (i.e., behind a firewall) to see the current status
# without authenticating.  You may want to use this to avoid basic
# authentication if you are not using a sercure server since basic
# authentication transmits passwords in the clear.
#
# Important:  Do not define a default username unless you are
# running a secure web server and are sure that everyone who has
# access to the CGIs has been authenticated in some manner!  If you
# define this variable, anyone who has not authenticated to the web
# server will inherit all rights you assign to this user!
 
#default_user_name=nagiosadmin


If I didn't like the format, layout, options, and scalability of Nagios
so much I would have given up trying to install/configure the da*# thing
two months ago.  Can anyone put an end to my three month long
installation suffering?

Scott


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users





-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
Previous message: Login/Authentication doesn't work
Next message: Plugin docs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list