Kerberos Auth for URL monitoring

psroberts · Post by **psroberts** » Thu Jan 27, 2022 10:51 am

We need to monitor a URL that requires authentication via kerberos before it is able to be redirected to the URL and render the html. This does not seem to work with check_http as it appears only basic auth is supported? Is there a plugin that supports Kerberos authentication?

ssax · Post by **ssax** » Fri Jan 28, 2022 10:27 am

I'm investigating this and will post an update shortly.

ssax · Post by **ssax** » Fri Jan 28, 2022 11:11 am

I know curl is supposed to be able to do it but it depends on the version of curl your XI system is running. I found some plugins but I'll need to get a little more information.

https://stackoverflow.com/questions/385 ... e-required

Please the output of these commands from the XI server:

Code: Select all

uname -a
cat /etc/*release
curl -V

psroberts · Post by **psroberts** » Tue Feb 01, 2022 11:08 am

[root@nagiossrv1 ~]# uname -a
Linux nagiossrv1.mitre.org 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 8 21:51:17 EST 2021 x86_64 x86_64 x86_64 GNU/Linux

[root@nagiossrv1 ~]# cat /etc/*release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation ... e_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
Red Hat Enterprise Linux release 8.5 (Ootpa)
Red Hat Enterprise Linux release 8.5 (Ootpa)

[root@nagiossrv1 ~]# curl -V
curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1k zlib/1.2.11 brotli/1.0.6 libidn2/2.2.0 libpsl/0.20.2 (+libidn2/2.2.0) libssh/0.9.4/openssl/zlib nghttp2/1.33.0
Release-Date: 2018-09-05
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz brotli TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

ssax · Post by **ssax** » Wed Feb 02, 2022 11:10 am

Thanks, that helps that you're running something recent!

I'm investigating this and will post an update later today.

ssax · Post by **ssax** » Wed Feb 02, 2022 8:01 pm

I'm having issues getting this to work but I'm getting closer to understanding the full requirements of it and getting it to work, I should have an answer in the next couple of days.

psroberts · Post by **psroberts** » Thu Feb 03, 2022 8:28 am

Thank you for the update and the help digging into a solution here!

ssax · Post by **ssax** » Thu Feb 03, 2022 7:41 pm

Are you going to be authenticating via user/password or via machine account (without password)?

psroberts · Post by **psroberts** » Fri Feb 04, 2022 2:31 pm

It will be username and password

ssax · Post by **ssax** » Mon Feb 07, 2022 10:34 am

Okay, thank you for the information, I'll let you know my findings.

Nagios Support Forum

Kerberos Auth for URL monitoring

Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring

Re: Kerberos Auth for URL monitoring