
Is it possible to bypass http authentication?

Posted: Mon Apr 29, 2013 6:45 pm
by kalianto
Hi guys,

I am sure many will agree that the http authentication is a bit annoying albeit mandatory.
I am integrating nagios core web interface with other application, and I wish I could just bypass the http authentication without setting default username in the config file.

The ideal scenario will be:
1. User is authenticated into the external application.
2. Based on the user's role, we use the "nagiosadmin" or "nagiosuser" details to login to Nagios core web interface without popping up the authentication dialog.

I have tried using AJAX, CURL, and PEAR::HTTP_Request in php but still can't prevent the dialog box from showing especially in Chrome.
Some people suggest making the server return 403 instead of 401, or even supplying a custom Authorization challenge.

I understand that NagiosXI is using some kind of proxy, judging by the file called coreproxy.inc (or something similar).

Has anyone succeeded in doing so without using proxy?

Thank you very much!

Re: Is it possible to bypass http authentication?

Posted: Tue Apr 30, 2013 10:53 am
by abrist
I tested the following and it works (just not in IE though):

Code:

http://username:[email protected]/nagios

Note: This is the standard way of handling automatic logins for htpasswd (basic auth) protected sites.

Re: Is it possible to bypass http authentication?

Posted: Tue Apr 30, 2013 7:34 pm
by kalianto
Thank you, abrist.

Code:

http://username:[email protected]/nagios

That actually works, I can confirm it.
For IE 9, I think I use something like this in PHP to make it work.

Code:

header('P3P: CP="CAO PSA OUR"');

However, I forgot to mention that I am using Digest Authentication instead of Basic.
Using Digest, I have to combine my username and password with the challenge sent by the server and send it back in the header response.

With Basic authentication, my user can still see the username and password by simply right-clicking and viewing the page source, since I load the web interface in an iframe.

Code:

<iframe src="http://username:[email protected]/nagios" ></iframe>

And, without SSL, this is a giveaway!
I have very tight security requirements, so this solution is not applicable for me.

I am giving up :(

Thanks anyway.

Re: Is it possible to bypass http authentication?

Posted: Wed May 01, 2013 12:49 am
by ruffsense
Why don't you use NTLM authentication with AD?

Re: Is it possible to bypass http authentication?

Posted: Wed May 01, 2013 1:20 am
by kalianto
Hmmmmm
ruffsense, I've never thought about that.

We're moving/going to use Kerberos in the future, so might be worth investing some time in it.
I'd do some reading before I ask more questions.

Re: Is it possible to bypass http authentication?

Posted: Wed May 01, 2013 1:31 am
by ruffsense
kalianto wrote:
Hmmmmm
ruffsense, I've never thought about that.

We're moving/going to use Kerberos in the future, so might be worth investing some time in it.
I'd do some reading before I ask more questions.

Kerberos is a really old method, but in my environment I use both.

Re: Is it possible to bypass http authentication?

Posted: Wed May 01, 2013 2:05 pm
by sreinhardt
I'm going to lock this down since the question has been answered. Of course, feel free to PM or create another topic if you wish to discuss Kerberos or NTLM auth possibilities.