<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN"> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> <META NAME="GENERATOR" CONTENT="GtkHTML/3.26.3"> </HEAD> <BODY> On Wed, 2009-07-29 at 12:59 -0500, Marc Powell wrote: <BLOCKQUOTE TYPE=CITE> <PRE> On Jul 29, 2009, at 11:46 AM, Jim McNamara wrote: > I posted this question to the nagiosplugins-help list last Wednesday > but received no answers. I hope I receive some insight from this list! > > ------------------------------------------------------------------------------------------- > > I'm running nagios 3.0.6 with plugins 1.4.13 both compiled from > source on a debian machine. We recently added dataprobe iboot remote > power switches to my network. They have basic web authentication, > but the authentication only uses a password, not a username. I tried > several different things with the -a modifier to check_http, and all > failed to get an OK result from the plugin. Among the tests were - > > -a \n:PASS > -a \r:PASS > -a *:PASS > -a :PASS > -a garbage:PASS > > All of the tests lead to a 401 error, as shown in this verbose > output - > > /usr/local/nagios/libexec/check_http -I 192.168.1.254 -a \n:PASS -v > GET / HTTP/1.0 > User-Agent: check_http/v2053 (nagios-plugins 1.4.13) > Connection: close > Authorization: Basic bjpyZWJvb3Q= > > > <A HREF="http://192.168.1.254:80/">http://192.168.1.254:80/</A> is 97 characters > STATUS: HTTP/1.0 401 Not Authorized > **** HEADER **** > WWW-Authenticate: Basic realm="iBoot" > **** CONTENT **** > <html><h2>Error</h2></html> > HTTP WARNING: HTTP/1.0 401 Not Authorized > > Is there some way to pass an empty or null username to this device? > When authenticating as a human through a browser, leaving the > username empty and the default password of PASS lets you in. Thanks > for any suggestions! Looking at the code, it does no modification of the auth info you provide other than encoding to base64. Based on how basic auth works, '-a :PASS' should do it as that will be encoded, sent, then decoded by the server into ':PASS'. This is the proper format for basic auth without username. You can easily decode what is being sent to the server by check_http (as above) to verify 'n:reboot'. I would try capturing the information sent by your browser to verify that the auth info is the same. -- Marc </PRE> </BLOCKQUOTE> Marc, Thanks for that help. Unfortunately it leads to some unusual results. Both authenticating from firefox on a windows host and on the CLI from the linux server show the same credentials being passed, as shown here: (Windows) User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12\r\n Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-us,en;q=0.5\r\n Accept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Keep-Alive: 300\r\n Connection: keep-alive\r\n Authorization: Basic OnJlYm9vdA==\r\n Credentials: :reboot \r\n (Linux) GET / HTTP/1.0\r\n User-Agent: check_http/v2053 (nagios-plugins 1.4.13)\r\n Connection: close\r\n Authorization: Basic OnJlYm9vdA==\r\n Credentials: :reboot \r\n So both agents pass the correct info to the unit, but something clearly doesn't behave well. I do see a fair amount of javascript in the windows capture after the authentication, could that be part of the issue? Also the "Connection: close\r\n sent by check_http has me wondering if is closing the stream before some of the authentication is completed? I have both captures from tshark and wireshark saved if seeing the full info would be any help. </BODY> </HTML>