Nagios - LDAP/RSA authentication

Werner Flamme werner.flamme at ufz.de
Thu Jan 22 09:41:15 CET 2009


Mohammed Al-Kout [22.01.2009 05:06]:
> Warner,
> 
> in my setup i'm not using authz, but i noticed something you are using "
> AuthUserFile /some/file " why is it required if the users are on ldap ?

Mohammed,

we have some accounts not stored in LDAP ("emergency", "srvadm"). So
this is our way to combine LDAP and local accounts.

Regards,
Werner

> 
> 
> On Wed, Jan 21, 2009 at 17:50, Werner Flamme <werner.flamme at ufz.de> wrote:
> 
>> Mohammed Al-Kout [21.01.2009 14:31]:
>>> Warner,
>>>
>>> the session seems to be expiring after ( 10-20) and nagios asks for
>>> reauthentication, ( we are using RSA passwords that change frequently so
>> the
>>> LDAPCAche does not apply in our case ) are you using mod_auth_ldap ?
>>> what are the parameters you use in the httpd.conf for LDAP Cache settings
>>>
>> Mohammed,
>>
>> I hope I get them all:
>> AuthName "LDAP Auth"
>> AuthType Basic
>> AuthBasicProvider ldap files
>> AuthLDAPURL "ldap://ldap.domain.tld/ou=people,dc=domain,dc=tld?uid?sub"
>> AuthLDAPAuthoritative off
>> AuthBasicAuthoritative On
>> require valid-user
>> AuthUserFile /some/file
>>
>> I do not see any special parameter about LDAP cache or SSL cache (we use
>> SSL, we don't want to pass the words unciphered via network ;-)).
>>
>> We're running apache 2.2.3 that loads the modules "suexec authz_host
>> actions alias auth_basic authz_groupfile authn_file authz_user authn_dbm
>> autoindex cgi dir env expires include log_config mime negotiation
>> setenvif status userdir asis imagemap ldap authnz_ldap ssl php5 perl
>> authz_default rewrite".
>>
>> Regards,
>> Werner
>>
>>>
>>>
>>>
>>>
>>> On Wed, Jan 21, 2009 at 16:22, Werner Flamme <werner.flamme at ufz.de>
>> wrote:
>>>> Mohammed Al-Kout [21.01.2009 14:00]:
>>>>> Hello,
>>>>>
>>>>> i'm running Nagios 3.0.1 on Apache 2.0.52 its been running on a local
>>>>> userfile for sometime, recently i switched to LDAP authentication with
>>>>> mod_auth_ldap its working fine, the problem is i'm getting the
>>>>> authentication popup every 10-20 mins, is there a way to stop this or
>> set
>>>> a
>>>>> longer interval  ? i'm not sure what is causing this popup to reappear
>> (
>>>>> LDAP , Apache or Nagios ) if anyone has an idea please lemme know
>>>> Neither of them. We use LDAP auth for years, and there are no such
>> popups.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> This SF.net email is sponsored by:
>> SourcForge Community
>> SourceForge wants to tell your story.
>> http://p.sf.net/sfu/sf-spreadtheword
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when
>> reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/null
>>
> 


-- 
Werner Flamme, Abt. WKDV
Helmholtz-Zentrum für Umweltforschung GmbH - UFZ
Permoserstr. 15 - 04318 Leipzig
Tel.: (0341) 235-1921 - Fax (0341) 235-451921
Information nach §§ 37a HGB, 35a GmbHG:
Sitz der Gesellschaft: Leipzig
Registergericht: Amtsgericht Leipzig, Handelsregister Nr. B 4703
Vorsitzender des Aufsichtsrats: MinDirig Hartmut F. Grübel
Wissenschaftlicher Geschäftsführer: Prof. Dr. Georg Teutsch
Administrativer Geschäftsführer: Dr. Andreas Schmidt

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list