Deferring user authentication to the server *and* using server defined usernames?

Owen LaGarde owen.m.lagarde at usace.army.mil
Fri May 23 21:47:20 CEST 2008


A more direct question:  Torsten Fellhauer wrote a patch for this back
in the 1.2 days.  Did that functionality ever make it into mainstream,
and if so, how do I config for it?


On Fri, 2008-05-23 at 12:09 -0500, Owen LaGarde wrote:
> I've seen reference to using the SSL certificate authentication
> performed by httpd to drive Nagios user identification -- the LCG wiki
> at https://twiki.cern.ch/twiki/bin/view/LCG/GridMonitoringNagiosInstall
> mentions a form of this.  I'd like to go a step further and use one of
> the environment variables (specifically SSL_CLIENT_S_DN_CN) defined by
> mod_ssl to specify the user name.  This is primarily driven by a number
> of issues -- well outside the scope of this list -- springing from the
> DoD's use of this certificate component.  The basic idea is to set an
> environment variable, say, USERNAME, to SSL_CLIENT_S_DN_CN when mod_ssl
> builds the session, and have Nagios honor it as trusted and assign
> roles/capabilities to it in the usual places.  As an example see Numara
> Footprints' use of USERNAME and mod_ssl.  Does anyone else do this?
> 
> 
-- 
Sincerely,

    Owen LaGarde
    Senior Systems Administrator
    Owen.M.LaGarde at erdc.usace.army.mil
    1-800-522-6937 x4879

Engineering Research and Development Center
attn: CEERD-IH-C (Owen LaGarde)
3909 Halls Ferry Road
Vicksburg, MS 39180-6199
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://www.monitoring-lists.org/archive/users/attachments/20080523/9d01ba35/attachment.sig>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


More information about the Users mailing list