NSclient++ password

[spiderpig]

Hi,
I have default setup for my nsclient++, and I like to set a new password for it.
where should i begin, and how to implement this?

and do I have to change nsc.ini on all the remote agents?

[hsmith]

Hi,
I have default setup for my nsclient++, and I like to set a new password for it.
where should i begin, and how to implement this?

Add this second to the .ini.

Code: Select all

[/settings/default]

; PASSWORD - Password used to authenticate against server
password = GOODPASSWORD

and do I have to change nsc.ini on all the remote agents?

If you need to change / update the password, yeah.

[tmcdonald]

This will need to be changed both on the Nagios side of things and on the NSClient machines themselves. I can't tell you how you have your password set up Nagios-side, but you likely have it in the resource.cfg file and reference it as a $USERx$ variable. Otherwise you may have it set in the service definition itself. Check out your services.cfg, or if you have services in their own files you will want to check those.

[spiderpig]

ok, but how can i encrpt the password in the nsc.ini file?

[tmcdonald]

I don't believe this can be done. NSClient might be able to hash the password (which it really should be doing anyway) but encrypting a password doesn't make much sense in the context of automated checking.

[spiderpig]

I don't believe this can be done. NSClient might be able to hash the password (which it really should be doing anyway) but encrypting a password doesn't make much sense in the context of automated checking.

ok, what is the purpose then to have password?
I just want to prevent someone can set up a nagios server in the network and steal the information from the client.

[jdalrymple]

I just want to prevent someone can set up a nagios server in the network and steal the information from the client.

In order to get the password out of the nsclient.ini or out of the services definition would they not have to access one of the 2 servers anyway? And if you've granted them access to the servers... what really are you securing them from?