Nagios XI and Nagvis Login Integration

[pnnagios]

Hello,

We are using Nagios XI 2014R2.7 and Nagvis 1.8.4, and are trying to integrate the user accounts, so that we do not have to maintain two username/password sets. We have tried two different ways to do this, but we are having issues with both.

Method 1: Switch the Nagvis authentication to use apache 'basic auth', by removing the comments from the following to the /etc/httpd/conf.d/nagvis.conf file:

Code: Select all

  AuthName "NagVis Access"
  AuthType Basic
  AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
  Require valid-user

When we used this method, we encountered a problem where authentication to Nagvis fails if the password contains a $ character (perhaps other special characters too), even though the Nagios XI authentication was successful. In fact, if you type the password up to but not including the $, the Nagvis authentication is then successful. The other problem we encountered with this method is the persistence of the Nagvis authentication. If you log out of Nagios XI, after a successful login to Nagvis, and then log in again as a different user (with the same web browser / PC), then you are sill logged into Nagvis with the previous user. As well, when we authenticate to Nagvis with this method, the 'logout' option in the Nagvis interface is absent, so there is no way to terminate the Nagvis session.

Method 2: Use the 'Old Style Authentication' as described here:
http://docs.nagvis.org/1.8/en_US/auth_old_style.html

In this case the /usr/local/nagvis/etc/nagvis.conf file is adjusted, as follows:

Code: Select all

; LogonEnv: It is possible to realise a fully "trusted" authentication
; mechanism like all previous NagVis versions used it before. This way the user
; is not really authenticated with NagVis. NagVis trusts the provided username
; implicitly. NagVis uses the configured environment variable to identify the
; user. You can add several authentication mechanisms to your webserver,
; starting from the basic authentication used by Nagios (.htaccess) to single
; sign-on environments.
; Simply set logonmodule to "LogonEnv", put the environment variable to use as
; username to the option logonenvvar and tell the authentication module to
; create users in the database when provided users does not exist. The option
; logonenvcreaterole tells the module to assign the new user to a specific role
; set to empty string to disable that behaviour.
logonmodule="LogonEnv"
;logonenvvar="PHP_AUTH_USER"
logonenvvar="REMOTE_USER"
logonenvcreateuser="1"
;logonenvcreaterole="Guests"

When we tried this method, we continually get a message that "The environment variable REMOTE_USER is not set or empty". Is the REMOTE_USER environment variable not set, when you log into Nagios XI, or has the Nagios XI authentication method changed?

Are we doing something wrong here, or is there another way to make this work?

Thank you,

Paul

[abrist]

XI uses php user sessions, and fetches any necessary data from the cgis through localhost calls. In order to integrate the two logins into one, we would need to write some php to attempt to integrate Nagvis with our current session logic. This sounds like a great feature request, I would suggest creating a feature request at http://tracker.nagios.com

[pnnagios]

Feature request submitted:

http://tracker.nagios.com/view.php?id=732

Thank you,

Paul

[abrist]

Thanks for the feature request. Closing the thread.