On Nov 10, 2009, at 10:20 PM, ReynierPM wrote: > Marc Powell wrote: >> I don't know that I'd say security breach but it does show that permissions >> are not an issue per se and that you're editing the right file. > > Ok, if you said this I believe because you're and expert and I don't.
I'm a bit confused by this statement. This test was just a troubleshooting step, really to eliminate filesystem permission issues. As far as being a security issue, that depends entirely on your environment and policies. I have several nagios instances with authentication off and several with it on, based on our needs. >> I have no more suggestions for you other than to try with simple >> .htaccess/htpasswd auth instead of your LDAP auth. Perhaps that's doing >> something strange to REMOTE_USER. > > Maybe you or developers will take this into account for future version of > Nagios. Take what into account/how? There's nothing that nagios needs to account for. Either your auth plugin sets the normal auth environment variable and you've told nagios to expect that exact string or not. > Personally in my work is better use a LDAP domain instead of create > independents users every time I need gain acces to Nagios Web Interface. My suggestion to do so was yet another troubleshooting step to eliminate your ldap auth plugin as a source of the problem. If you can log in with a htpasswd user and everything works then the problem is with the LDAP auth configuration in apache. It gives you a direction to look. There's no reason you shouldn't be able to use LDAP auth assuming that your chosen auth plugin does the right things. A quick google for 'nagios ldap authentication' show several how-to's, specifically ldap against Active Directory so it can work... It appears the most common problem is that the ldap plugin may set the REMOTE_USER environment variable to the entire DN, not just the username part. -- Marc ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
