Hi All,
Regarding HTTP authentication, any characters followed by the correct password is also taken as the correct one. It finds the wrong password only if the password starts wrong or in the middle of the correct password.
Scenario,
correct_password = hello
case(i)
entered password - hello ------>authentication success
case(ii)
entered password - 45trhello ------>authentication fails
case(iii)
entered password - he45trllo ------>authentication fails
case(iv)
entered password - hello45tr ------>authentication success
Please look at this issue.
Issue in nagios HTTP authentication
Re: Issue in nagios HTTP authentication
What version of core are you running? This was a previous issue, but should be fixed now. It was how HTTP authenticates, and only checks the first so many characters for authentication.
Former Nagios Employee
Re: Issue in nagios HTTP authentication
Thanks for the immediate response. I am using Nagios Core 4.1.1. Actually, I am using HTTP authentication for some other services too, where it authenticates the full password.
Re: Issue in nagios HTTP authentication
Can you post your apache configuration for us to look at? Specifically nagios.cfg in /etc/httpd/conf.d/, but there may be more depending on your setup.
Former Nagios Employee
Re: Issue in nagios HTTP authentication
Yeah, sure. Please find the attached configuration file of Apache.
#nagios.conf
# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file. Customize the paths, etc. as
# needed to fit your system.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
# SSLRequireSSL
Options None
AllowOverride None
Order allow,deny
Allow from all
# Order deny,allow
# Deny from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Attachment: httpd.conf (apache config file, 33.6 KiB)
Re: Issue in nagios HTTP authentication
This looks fine, I believe the issue is how you created the password originally. It's most likely salted in a format that isn't very secure.
You should be able to recreate your htpasswd.users file by using this command -
Code: Select all
cp /usr/local/nagios/etc/htpasswd.users /usr/local/nagios/etc/htpasswd.users.bak
htpasswd -cs /usr/local/nagios/etc/htpasswd.users nagiosadmin
Then, enter the password twice, and it will now be salted in SHA which should be a bit more secure than previously. Let us know how it goes.
Former Nagios Employee
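To check which hash format each entry in an htpasswd file actually uses, here is an added example that is not part of the original thread. The function names `hash_scheme` and `audit_htpasswd` are hypothetical and the sample entries are constructed placeholders; the format prefixes are the ones documented for Apache `htpasswd` (bcrypt, `$apr1$` MD5, `{SHA}`, and 13-character traditional crypt, which uses only the first 8 characters of the password).

```shell
#!/bin/sh
# Added example (not from the thread): report the hash scheme of each
# htpasswd entry. hash_scheme and audit_htpasswd are hypothetical names.

# Classify one stored hash string by its prefix or shape.
hash_scheme() {
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
        '$apr1$'*)               echo apr1-md5 ;;
        '{SHA}'*)                echo sha1 ;;
        ''|*[!./0-9A-Za-z]*)     echo unknown ;;
        ?????????????)           echo des-crypt ;;   # exactly 13 chars
        *)                       echo unknown ;;
    esac
}

# Read "user:hash" lines on stdin; print user, scheme and a note, tab-separated.
audit_htpasswd() {
    while IFS=: read -r user hash _rest; do
        case $user in ''|'#'*) continue ;; esac      # skip blanks and comments
        scheme=$(hash_scheme "$hash")
        case $scheme in
            des-crypt) note='REPLACE: only the first 8 password characters are checked' ;;
            sha1)      note='WEAK: unsalted SHA-1 (htpasswd -s)' ;;
            apr1-md5)  note='ok: salted, iterated MD5' ;;
            bcrypt)    note='ok: salted, adjustable cost' ;;
            *)         note='CHECK: unrecognised format' ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$scheme" "$note"
    done
}

# Constructed sample entries (placeholder hash bodies, not real credentials).
sample_entries() {
    cat <<'EOF'
nagiosadmin:abJnggxhB/yWI
operator:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
viewer:$apr1$abcdefgh$AAAAAAAAAAAAAAAAAAAAAA
auditor:$2y$05$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EOF
}

sample_entries | audit_htpasswd
```

To audit the file from this thread, run `audit_htpasswd < /usr/local/nagios/etc/htpasswd.users` and regenerate any entry that is not reported as `ok`.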