Nagios User Form Based Authentication

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
rickvanderzwet
Posts: 2
Joined: Wed May 03, 2017 2:59 pm

Nagios User Form Based Authentication

Post by rickvanderzwet »

Hi,

We run a Nagios Core server, which is located on the public internet. Read-access is allowed by all due to the nature of our efforts (Open Community Wireless Network), yet write access has to be restricted to login-based access (spam et al.).

I could not found something pretty online, so I created something new, using apache modules mod_auth_form, mod_session_crypto and mod_session_hack:
Image

Code over here: http://svn.wirelessleiden.nl/svn/code/mod_session_hack/

I still feel that it could be cleaner without the 'hacky' module et al, comments welcome if somebody fixed it alternatively.
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Nagios User Form Based Authentication

Post by dwhitfield »

First off, thanks so much for sharing the code!

As for your thoughts on it being hacky, it may not be exactly what you want, but a log-in page was added in 4.3.0: https://github.com/NagiosEnterprises/na ... /Changelog. At the very least, looking at that code may give you some ideas for a cleaner implementation.

If you would like to see specific features in our implementation of auth, I highly encourage you to file a feature request at https://github.com/NagiosEnterprises/nagioscore/issues (and of course if you find bugs, bug reports...even though they both fall under "Issues").
rickvanderzwet
Posts: 2
Joined: Wed May 03, 2017 2:59 pm

Re: Nagios User Form Based Authentication

Post by rickvanderzwet »

dwhitfield wrote:First off, thanks so much for sharing the code!

As for your thoughts on it being hacky, it may not be exactly what you want, but a log-in page was added in 4.3.0: https://github.com/NagiosEnterprises/na ... /Changelog. At the very least, looking at that code may give you some ideas for a cleaner implementation.
Seems to have lived one minor revision, as 4.3.1 does not have the code anymore, as the commit was reverted (reason unknown) https://github.com/NagiosEnterprises/na ... 0120ddecb4 it looks roughly the same indeed, without the hacky stuff, I feel inspired for some more coding :)
dwhitfield wrote: If you would like to see specific features in our implementation of auth, I highly encourage you to file a feature request at https://github.com/NagiosEnterprises/nagioscore/issues (and of course if you find bugs, bug reports...even though they both fall under "Issues").
Thanks, I normally try to file feature request attached with patch to implement it. I can see if I can come up with something 'session management-ish inside the nagios cgi framework', since we also like it to work for the non-apache world :-).
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: Nagios User Form Based Authentication

Post by dwhitfield »

rickvanderzwet wrote: Seems to have lived one minor revision, as 4.3.1 does not have the code anymore, as the commit was reverted (reason unknown) https://github.com/NagiosEnterprises/na ... 0120ddecb4 it looks roughly the same indeed, without the hacky stuff, I feel inspired for some more coding :)
Long-story-short, it caused all sorts of problems for people. You can see that 4.3.0 and 4.3.1 came out two days apart: https://github.com/NagiosEnterprises/na ... /Changelog

I hate to leave it vague with "problems" but I don't know that it's fair to sum it up with "Turns out, many people don't know how to configure Apache." That's certainly part of the issue, but last I heard the idea was to implement with something easier for new users to turn off and on. I don't know when that might be. As far as I'm aware, 4.3.2, 4.4, and 5.0.0 are all currently in the works. I kinda suspect it might wait until 5.0.0 since it's a big number change so people will expect big number changes. I doubt it will be 4.3.2, but I can't say anything definite.
Thanks, I normally try to file feature request attached with patch to implement it
Not necessary. You can always file the feature request and produce the code later. The thing about waiting is if the main devs aren't thinking about your feature request they might build something that makes it harder for your feature. Plus, maybe they'll have an idea for implementing it quickly, which will free you up for other things, and other people get the feature quicker. Everybody wins.
Locked