Hi all, My first post to the list - I've been harassing @icinga on ADN and Twitter lately, just replaced 2 standalone Nagios installations with a single Icinga instance with a gearman component, monitoring 166 hosts and 1315 services, lots of green :)
My first question then.. I want to provide icinga-web to my users, but we have fairly stringent security requirements. I'm currently meeting these requirements using Classic UI as follows: * Any /icinga/ URL has to be requested from an approved IP (no user auth) * cgi-bin/cmd.cgi has to be requested from an approved IP _AND_ provide a username authenticated against our LDAP store (using apache ldapz module) This enables normal users to browse the GUI without having to authenticate (provided they're on our VPN), but requires more accountability when taking actions which could impact alarming. I've stumbled across this post (http://comments.gmane.org/gmane.comp.monitoring.icinga.user/434), which details how I might provide access to icinga-web using apache ldapz again, but I'd want to do the same trick re forcing authentication when running commands, but allowing read-only access when browsing. I'm wondering whether I can do this by applying the same restriction to /icinga-web/modules/cronks/commandproc ? Does anybody else have any experience doing this? Many thanks, David @funkypenguin on ADN / Twitter ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ icinga-users mailing list icinga-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/icinga-users
