Is a null username possible with check_http
Marc Powell
marc at ena.com
Wed Jul 29 19:59:09 CEST 2009
On Jul 29, 2009, at 11:46 AM, Jim McNamara wrote:
> I posted this question to the nagiosplugins-help list last Wednesday
> but received no answers. I hope I receive some insight from this list!
>
> -------------------------------------------------------------------------------------------
>
> I'm running nagios 3.0.6 with plugins 1.4.13 both compiled from
> source on a debian machine. We recently added dataprobe iboot remote
> power switches to my network. They have basic web authentication,
> but the authentication only uses a password, not a username. I tried
> several different things with the -a modifier to check_http, and all
> failed to get an OK result from the plugin. Among the tests were -
>
> -a \n:PASS
> -a \r:PASS
> -a *:PASS
> -a :PASS
> -a garbage:PASS
>
> All of the tests lead to a 401 error, as shown in this verbose
> output -
>
> /usr/local/nagios/libexec/check_http -I 192.168.1.254 -a \n:PASS -v
> GET / HTTP/1.0
> User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
> Connection: close
> Authorization: Basic bjpyZWJvb3Q=
>
>
> http://192.168.1.254:80/ is 97 characters
> STATUS: HTTP/1.0 401 Not Authorized
> **** HEADER ****
> WWW-Authenticate: Basic realm="iBoot"
> **** CONTENT ****
> <html><h2>Error</h2></html>
> HTTP WARNING: HTTP/1.0 401 Not Authorized
>
> Is there some way to pass an empty or null username to this device?
> When authenticating as a human through a browser, leaving the
> username empty and the default password of PASS lets you in. Thanks
> for any suggestions!
Looking at the code, it does no modification of the auth info you
provide other than encoding to base64. Based on how basic auth works,
'-a :PASS' should do it as that will be encoded, sent, then decoded by
the server into ':PASS'. This is the proper format for basic auth
without username. You can easily decode what is being sent to the
server by check_http (as above) to verify 'n:reboot'. I would try
capturing the information sent by your browser to verify that the auth
info is the same.
--
Marc
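
The check suggested in the reply above, as an added example that is not part of the original message or of check_http: it decodes the Authorization header from the verbose output quoted in the thread and compares it with the token an empty username would produce. The function names are hypothetical; the sample request is copied from the quoted output.

```shell
#!/bin/sh
# Added example (not from the thread): inspect Basic credentials in a captured request.

# Encode user:password the way a client builds the Basic token.
basic_encode() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Read request text on stdin; print the decoded "user:password" pair.
basic_decode_header() {
    token=$(sed -n 's|^Authorization:[[:space:]]*Basic[[:space:]]*\([A-Za-z0-9+/=]*\).*$|\1|p' | head -n 1)
    [ -n "$token" ] || return 1
    printf '%s' "$token" | base64 -d
}

# Split at the FIRST colon: the user part cannot contain ':', the password can.
basic_user() { printf '%s' "${1%%:*}"; }
basic_pass() { printf '%s' "${1#*:}"; }

# Compare a captured request (stdin) with the expected pair: $1=user, $2=password.
# Only the user part is echoed, so the password stays out of logs.
check_request() {
    sent=$(basic_decode_header) || { echo "no decodable Basic Authorization header"; return 2; }
    if [ "$sent" = "$1:$2" ]; then
        echo "match: user='$(basic_user "$sent")'"
    else
        echo "mismatch: sent user='$(basic_user "$sent")', expected user='$1'"
        return 1
    fi
}

# Request lines copied from the verbose check_http output quoted in the thread.
SAMPLE_REQUEST='GET / HTTP/1.0
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Connection: close
Authorization: Basic bjpyZWJvb3Q='

# Token an empty username with password PASS should produce: OlBBU1M=
basic_encode '' 'PASS'; echo
# The captured request carried user "n", not an empty user.
printf '%s\n' "$SAMPLE_REQUEST" | check_request '' 'PASS' || true
```

Piping the request text captured from the browser into check_request in the same way shows whether both clients send the same pair.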