Greetings! Errata: nagios-3.1.2, FC 11, Apache 2.2.11
I am migrating our Nagios server from one box to another. In the process, I changed O/S platforms and upgraded to the latest/greatest version of Nagios. I was able to copy all my configs to the new box, and (with a couple minor hiccups) have the system up and monitoring. On the old box, I was able to disable notifications and such without authentication. I believe the user was "guest", but it never was an issue; it never prompted me for a password, nor do I remember setting one up for any account related to Nagios (nagiosadmin, etc) when I upgraded the old system from Nagios 2 to Nagios 3.x last time. I also have not done so this time. In my nagios.conf file for apache, I commented out the "Require valid-user" directives: ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" Alias /nagios "/usr/local/nagios/share" <Directory "/usr/local/nagios/sbin"> # SSLRequireSSL Options ExecCGI AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users # Require valid-user </Directory> <Directory "/usr/local/nagios/share"> # SSLRequireSSL Options None AllowOverride None Order allow,deny Allow from all # Order deny,allow # Deny from all # Allow from 127.0.0.1 AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users # Require valid-user </Directory> So, when I click on anything that would change monitoring specs, I get the "I can't let you do that, Dave" warning and it just refers back to how to increase security. It also mentions that whoever (Jesse?) doesn't want to be held responsible. I *PROMISE* I won't hold anyone else responsible! I understand the risks, but I am not concerned that anyone will muck around and disable the monitors. Actually, no one cares. I looked through the documentation and saw a lot of how to beef up security and CGI authentication, but nothing on how to disable it. I tried setting "use_authentication=0" in the cgi.cfg, but that didn't affect the authentication requirements for the CGI. Suggestions? There must be a way to do this.... As always, grateful for the help. ....kevin -=-=-=-=- ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
