Xymon Mailing List Archive

Securing Hobbit from visitors

Josh Luthman
Wed, 12 Mar 2008 08:14:41 -0400
Message-Id: <user-e6d5dea9a5b4@xymon.invalid>

This is what I have in httpd.conf that makes me log in three times (you can
tell which three, obviously =)

Alias /hobbit/  "/hobbitdir/server/www/"
<Directory "/hobbitdir/server/www">
    Options Indexes FollowSymLinks Includes MultiViews
    Order allow,deny
    Allow from all
  AuthUserFile /hobbitdir/server/etc/hobbitpasswd
  AuthType Basic
  AuthName "Hobbit Monitoring1"
  Require valid-user
</Directory>

ScriptAlias /hobbit-cgi/ "/hobbitdir/cgi-bin/"
<Directory "/hobbitdir/cgi-bin">
    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all
  AuthUserFile /hobbitdir/server/etc/hobbitpasswd
  AuthType Basic
  AuthName "Hobbit Monitoring2"
  Require valid-user
</Directory>

ScriptAlias /hobbit-seccgi/ "/hobbitdir/cgi-secure/"
<Directory "/hobbitdir/cgi-secure">
    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all

    AuthUserFile /hobbitdir/server/etc/hobbitpasswd
    AuthGroupFile /hobbitdir/server/etc/hobbitgroups
    AuthType Basic
    AuthName "Hobbit Monitoring3"
    Require valid-user
    Require group group4admin
</Directory>


On 3/12/08, Buchan Milne <user-9b139aff4dec@xymon.invalid> wrote:
> On Wednesday 12 March 2008 06:58:16 Josh Luthman wrote:
>> I am curious to see how the crew here on the mailing list secures their
>> Hobbit from the outside world.  I need to have the WWW pages visible from
>> every IP but only from certain people, therefore I need to use users and
>> passwords.  Our Hobbitmon is viewed via cell phones and computers (IE and
>> Firefox) and protected by an HTTP(S) login currently.  The problem is that
>> with three different Directory statements in httpd.conf, you need to log in
>> three times every time you restart Firefox.
>>
>> Also, how many businesses have Hobbitmon wide open for the viewing, such as
>> Henrik's demo, if any?
>
> We run ours requiring authentication of a valid user in our LDAP directory for
> any access to Hobbit at all, and membership of the monitoring group in LDAP
> for access to the /hobbit-seccgi location. This allows us (besides reducing
> user management overhead) to have password expiration, lockout, etc. etc.
>
> If you use the same authentication source in all the directory statements,
> users should not have to authenticate more than once (we don't). Even if you
> do authorization only on /hobbit-seccgi.
>
> This is really more of an Apache thing than anything else ... but you may want
> to post the authentication aspects of your apache configuration for Hobbit if
> you need more assistance.
>
> Regards,
>
> Buchan
-- 
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer