I'll note that the default config appears intended to apply the password
restriction only to the admin scripts in /usr/share/xymon/cgi-secure.
But on Centos 7, that does not work for me, either.
Noticing the following conditions in the Directory stanza for
cgi-secure:
<IfModule mod_authz_core.c>
# Apache 2.4+
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Allow from all
</IfModule>
I checked that the mod_authz_core module was getting loaded with "httpd
-M" and it was. BUT I noticed that mod_authn_file was not, and I think
that's a dependency, along with mod_authz_user (which is getting
loaded). The 00-base.conf file for Apache has a LoadModule line for the
missing module, so I'm looking at why that's not getting loaded.
Regards,
Jake
On 2016-12-21 11:18, Raymond, David wrote:
Hi,
I have the same problem as Alessandro. I running SLES 12.2.
Same result, try different way, no prompt of user.
Thanks to help
David Raymond
D: XXX.XXX.XXXX x7064 C: XXX.XXX.XXXX F: XXX.XXX.XXXX
www.batiparbarrette.com
FROM: Xymon [mailto:xymon-bounces at xymon.com] ON BEHALF OF Alessandro Tinivelli
SENT: Wednesday, December 14, 2016 12:06 PM
TO: xymon at xymon.com
SUBJECT: [Xymon] restrict access to Xymon not working as expected
Hallo everyone,
sorry if the question has already been asked, but i could not find any answer in google:
my brand new xymon installation (Xymon 4.3.27-1.el7.terabithia) on Centos7 has the liens below in apache config file:
I have created the /etc/xymon/xymonpasswd file , but the access is still free with no pass request.
Is there something I did not understand? Should this file located somewhere else?
Thank you in advance
Alessandro
----
# Password file where users with access to these scripts are kept.
# Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
# scripts, files here can be read with the "config" message type,
# which allows status-privileged clients to read arbitrary regular files
# from the directory.
#
# This file should be owned and readable only by the apache server user,
# and ideally merely a symlink to a location outside of $XYMONHOME/etc/
#
# Create it with:
# htpasswd -c /etc/xymon/xymonpasswd USERNAME
# chown apache:apache /etc/xymon/xymonpasswd
# chmod 640 /etc/xymon/xymonpasswd
# Add more users / change passwords with: "htpasswd /etc/xymon/xymonpasswd USERNAME"
#
# You can also use a group file to restrict admin access to members of a
# group, instead of anyone who is logged in. In that case you must setup
# the "xymongroups" file, and change the "Require" settings to require
# a specific group membership. See the Apache docs for more details.
AuthUserFile /etc/xymon/xymonpasswd
AuthGroupFile /etc/xymon/xymongroups
AuthType Basic
AuthName "Xymon Administration"
# "valid-user" restricts access to anyone who is logged in.
Require valid-user