external auth

Phil Dibowitz phil at usc.edu
Thu Aug 12 09:37:22 CEST 2004


Has anyone brought up the possibility of obtaining user/group info externally?

For example it would be great if in the cgi.cfg we could specify "anyone in
group x can do this" where group x is a UNIX (either local, or NIS, or LDAP,
etc) group, rather than having to maintain two group files (nagios plus
whatever your organization uses).

Or better yet, using something like shibboleth (shibboleth.internet2.edu),
where it could look at some entitlement attribute (which would be set as an
environmental variable in apache)

Similarly for service SSH on host *, contact group Y, where group Y is
determined from the enterprise user management system (ldap, nis, active
directory, whatever).

I know that would probably require some pretty large changes to the code --
but I'm wondering if this has been discussed, or if anyone has looked into
such a project.

Just curious... Thanks.

-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/users/attachments/20040812/5621ff25/attachment.sig>


More information about the Users mailing list