Mapping DNs to username

Gyula Szabó gyufi at sztaki.hu
Tue Dec 4 19:39:33 CET 2007


Have you tried the SSLUserName option?

"This directive sets the "user" field in the Apache request object.
This is used by lower modules to identify the user with a character
string. In particular, this may cause the environment variable
REMOTE_USER to be set. The varname can be any of the SSL environment
variables."

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslusername

Maybe you could use a unique attribute of the certificate, for example
the email address.

Regards,
gyufi

On 12/4/07, Miah, W (Wadud) <W.Miah at rl.ac.uk> wrote:
> I'm aware of other authentication methods, but I must use client
> certificates.
>
> -------------------------nagios.conf-------------------------
> ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
>
> <Directory /usr/local/nagios/sbin>
>   SSLVerifyClient Require
>   SSLVerifyDepth 3
>   SSLOptions +FakeBasicAuth
>   SSLRequireSSL
>
>   Options ExecCGI
>   AllowOverride None
>   AuthName "Nagios CGI Access"
>   AuthType Basic
>   AuthUserFile /etc/nagios/users-access
>   Require valid-user
> </Directory>
> -------------------------
>
> -------------------------/etc/nagios/users-access-------------------------
> /C=UK/O=eScience/OU=CLRC/L=RAL/CN=wadud miah:xxj31ZMTZzkVA
> -------------------------
>
> Apache then sets the username as the certificate DN =
> '/C=UK/O=eScience/OU=CLRC/L=RAL/CN=wadud miah'
> Even if I enclose the DN in quotes (single and double), and assign it
> to, say,
> authorized_for_system_information, Nagios does not allow me to view the
> system information. I guess this is
> more of an Apache question than Nagios.
>
> -----Original Message-----
> From: tom.welsh at bt.com [mailto:tom.welsh at bt.com]
> Sent: 04 December 2007 17:18
> To: Miah, W (Wadud); nagios-users at lists.sourceforge.net
> Subject: RE: [Nagios-users] Mapping DNs to username
>
> Hi Wadud,
>
> How have you set up your authentication to use certs?
>
> Typically nagios uses .htaccess files in the examples to authenticate
> users. This is documented in the docs.
>
> You can use htpasswd, htdigest or dbmanage to create your user file.
> Just make sure you set the AuthType to the correct value.
>
> ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin
>
> <Directory "/usr/local/nagios/sbin">
>     Options ExecCGI
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>     AuthName "Nagios Access"
>     AuthType Basic
>     AuthUserFile /usr/local/nagios/etc/htpasswd.users
>     Require valid-user
> </Directory>
>
> Alias /nagios /usr/local/nagios/share
>
> <Directory "/usr/local/nagios/share">
>     Options None
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>     AuthName "Nagios Access"
>     AuthType Basic
>     AuthUserFile /usr/local/nagios/etc/htpasswd.users
>     Require valid-user
> </Directory>
>
> Have you set up authentication another way? If so, can you post part of
> your config so we can help you?
>
> Regards
>
> Tom
>
> -----Original Message-----
> From: nagios-users-bounces at lists.sourceforge.net
> [mailto:nagios-users-bounces at lists.sourceforge.net] On Behalf Of Miah, W
> (Wadud)
> Sent: 04 December 2007 17:12
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] Mapping DNs to username
>
> Nagios CGI authentication is carried out using certificates, which sets
> the username to the certificate DN. Is there a way to map it to a unique
> username? For example,
>
> DN1 -> user1
> DN2 -> user2
>
> I can't seem to find a solution to this problem in the archives.
>
> Many thanks.
>
> ------------
> Wadud Miah
> Scientific Computing Systems Support
> High Performance Computing Services Group, e-Science, RAL
> 01235 446 794
> ------------
>
>
> ------------------------------------------------------------------------
> -
> SF.Net email is sponsored by: The Future of Linux Business White Paper
> from Novell.  From the desktop to the data center, Linux is going
> mainstream.  Let it simplify your IT future.
> http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
>
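
The SSLUserName suggestion above, applied to the nagios.conf quoted in this thread, as an added example that is not part of the original messages. It assumes Apache 2.2 mod_ssl (the version of the linked documentation) and that the client certificates carry an emailAddress attribute in the subject; the addresses shown are constructed placeholders.

```apache
# Added example, not from the thread. Paths are taken from the quoted nagios.conf.
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin

<Directory /usr/local/nagios/sbin>
  SSLRequireSSL
  SSLVerifyClient require
  SSLVerifyDepth 3

  # Put a single certificate attribute into the request's "user" field
  # instead of the whole subject DN. The CGIs then see it as REMOTE_USER.
  # Assumption: the CA puts a unique, verified emailAddress in each subject.
  # SSL_CLIENT_S_DN_CN is the alternative if the CA guarantees unique CNs.
  SSLUserName SSL_CLIENT_S_DN_Email

  # +FakeBasicAuth, AuthType Basic, AuthUserFile and "Require valid-user"
  # are left out on purpose: the user name now comes from the verified
  # certificate, so no password file keyed on the DN is needed.

  # Authorisation: only the listed identities may reach the CGIs.
  # The addresses are constructed placeholders.
  SSLRequire %{SSL_CLIENT_S_DN_Email} in {"user1@example.org", "user2@example.org"}

  Options ExecCGI
  AllowOverride None
</Directory>

# Matching entry in the Nagios cgi.cfg (same placeholder identities):
#   authorized_for_system_information=user1@example.org,user2@example.org
```

The mapping is only as trustworthy as the chosen attribute: every CA accepted for client verification must guarantee that it is unique and validated, otherwise two certificates can map to the same Nagios user.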
