Xymon Mailing List Archive search

Securing Hobbit from visitors

list Josh Luthman
Wed, 12 Mar 2008 10:24:54 -0400
Message-Id: <user-79faa39e4f12@xymon.invalid>

Buchan,

First of all I want to point out you don't need to email both the mailing
list and me, the point of the mailing list is that there is one reply
address =P  Simply email user-ae9b8668bcde@xymon.invalid (without modifying the subject) and
everyone will get your message.  It will make it more visually friendly =)

Secondly, there are three different "virtual directories" requiring the
three different authentication statements.  The problem is that there are
now three places to login at, the /hobbit and /hobbit-cgi and /hobbit-cgisec
and it gets very irritating.  I don't mind logging in once, but when you
navigate through pages and have to login again for the same application is
looks pretty ridiculous.

Can you show me an example of your LDAP authentication configuration (on
Apache), Buchan?

Josh

On 3/12/08, Buchan Milne <user-9b139aff4dec@xymon.invalid> wrote:
On Wednesday 12 March 2008 14:14:41 Josh Luthman wrote:
This is what I have in httpd.conf that makes me login three times (you
can
tell which three, obviously =)

Alias /hobbit/  "/hobbitdir/server/www/"
<Directory "/hobbitdir/server/www">
    Options Indexes FollowSymLinks Includes MultiViews
    Order allow,deny
    Allow from all
  AuthUserFile /hobbitdir/server/etc/hobbitpasswd
  AuthType Basic
  AuthName "Hobbit Monitoring1"
  Require valid-user
</Directory>

ScriptAlias /hobbit-cgi/ "/hobbitdir/cgi-bin/"
<Directory "/hobbitdir/cgi-bin">
    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all
  AuthUserFile /hobbitdir/server/etc/hobbitpasswd
  AuthType Basic
  AuthName "Hobbit Monitoring2"
  Require valid-user
</Directory>

ScriptAlias /hobbit-seccgi/ "/hobbitdir/cgi-secure/"
<Directory "/hobbitdir/cgi-secure">
    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all

    AuthUserFile /hobbitdir/server/etc/hobbitpasswd
    AuthGroupFile /hobbitdir/server/etc/hobbitgroups
    AuthType Basic
    AuthName "Hobbit Monitoring3"
    Require valid-user
    Require group group4admin
</Directory>

If you use the same AuthName, most likely you users should not need to log
in
more than once. Was there a reason you used different ones.


Regards,

Buchan

-- 
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer