Xymon Mailing List Archive search

Securing Hobbit from visitors

list Galen Johnson
Thu, 13 Mar 2008 10:01:28 -0400
Message-Id: <user-d5b26f4cf722@xymon.invalid>

Yes, it does since AuthLDAP requires additional binding and search information in order to get the user info.

=G=

From: Josh Luthman [mailto:user-4c45a83f15cb@xymon.invalid]
Sent: Thursday, March 13, 2008 8:42 AM
To: user-ae9b8668bcde@xymon.invalid
Subject: Re: [hobbit] Securing Hobbit from visitors

CentOS release 5 (Final) and Apache/2.2.3

Is it possible that .htpasswd acts differently from LDAP?
On 3/13/08, T.J. Yang <user-8e841282cda5@xymon.invalid<mailto:user-8e841282cda5@xymon.invalid>> wrote:
I got a working configuration in Solaris 10 with apache 2.x server.
What is your OS and apache version ?

lets document the fix here when problem is resolved.

http://en.wikibooks.org/wiki/System_Monitoring_with_Hobbit/Administration_Guide#LDAP_Authentication

tj

From: "Dirk Kastens" <user-e4253f8fc63b@xymon.invalid<mailto:user-e4253f8fc63b@xymon.invalid>>
Sent: Thursday, March 13, 2008 2:01 AM
To: <user-ae9b8668bcde@xymon.invalid<mailto:user-ae9b8668bcde@xymon.invalid>>
Subject: Re: [hobbit] Securing Hobbit from visitors


Josh Luthman schrieb:
Forgot all about that - I originally had the lines...

AuthName "Hobbit Monitoring"

Then I added the 1, 2 and 3 to the ends of them to identify/confirm where
the secondary and tertiary logins were coming from (obviously, the Alias
statements =)

There was no change before/after the number after the AuthName
Then I don't know why it didn't work. I have the following configuration
in my httpd.conf:

ScriptAlias /hobbit-cgi/ "/data1/hobbit/cgi-bin/"
<Directory "/data1/hobbit/cgi-bin">
...
    AuthName "LDAP-Kennung"
    AuthType basic
    AuthLDAPEnabled on
...
require user userA userB userC
</Directory>

ScriptAlias /hobbit-seccgi/ "/data1/hobbit/cgi-secure/"
<Directory "/data1/hobbit/cgi-secure">
...
    AuthName "LDAP-Kennung"
    AuthType basic
    AuthLDAPEnabled on
...
    require user userB userD
</Director>

When userB calls a script under /hobbit-cgi he has to authenticate against
LDAP. When he then calls a script under /hobbit-seccgi he doesn't have to
authenticate again, because apache regognizes the he already authenticated
against the AuthName "LDAP-Kennung".

Regards,

Dirk Kastens
Universitaet Osnabrueck, Rechenzentrum (Computer Center)
Albrechtstr. 28, 49069 Osnabrueck, Germany
Tel.: +XX-XXX-XXX-XXXX, FAX: -2470


--
Josh Luthman
Office: XXX-XXX-XXXX
Direct: XXX-XXX-XXXX
XXXX Wayne St
Suite XXXX
Troy, OH XXXXX

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer