RE: [Nagios-devel] Re: [Nagios-users] Re: How to Loggout?
Posted: Fri Jun 04, 2004 6:26 am
Someone has already written a .cgi to allow users to change their
passwords. I used it in an earlier version of NetSaint, but did not
carry it over to my Nagios install last year. So, I don't have much more
information for you, other than the fact that it was out there at one
time. It may be that it can be located in the Add-Ons section of the
Nagios web site. If not, you might find it by searching the archives.
Good luck.
Garry W. Cook, CCNA
Network Infrastructure Manager
MACTEC, Inc. - http://www.mactec.com/
303.308.6228 (Office) - 720.220.1862 (Mobile)
[email protected] wrote:
> Devel Team,
>=20
> are you all thinking about a solutinon to this problema?
>=20
> I realy think it's a very important feature that nagios
> lacks. Why cannot
> Nagios handle the autentication by it self?
>=20
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole
> (.htaccess is also very unsafe).
>=20
> I hope it could be in Nagios 2.0.
>=20
>=20
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
>=20
>> Jason Martin writes:
>>=20
>>> It is actually a problem with the HTTP Spec
>>=20
>> Not really. The spec provides a simple means of authenticating
>> yourself. In many cases it is reasonable to assume that you will
>> want to keep on authenticating yourself. In some situations you
>> need to be able to logout, and then it is up to the website to use a
>> different means of authentication.=20
>>=20
>> Yahoo, Hotmail and many other sites all use a different means of
>> authentication so people can logout, because these are services that
>> are often accessed from internet cafes or library internet
>> terminals. Most people who use Nagios have little need to be able
>> to logout, so it was reasonable for Ethan to use the HTTP
>> authentiaction mechanism.=20
>>=20
>>> once a password is provided for a security realm, there isn't a way
>>> to get the server to 'forget' it.
>>=20
>> It is the browser that remembers the credentials, not the server.=20
>> You may be able to fiddle it with a sub-directory which has a
>> .htaccess defining the same realm but pointing to an empty password
>> file. Going to a page there may cause the browser to put up another
>> login box, which will fail, then the password is forgotten. Clumsy,
>> but not as clumsy as restarting your browser.=20
>>=20
>> --
>> Paul Allen
>> Softflare Support
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
passwords. I used it in an earlier version of NetSaint, but did not
carry it over to my Nagios install last year. So, I don't have much more
information for you, other than the fact that it was out there at one
time. It may be that it can be located in the Add-Ons section of the
Nagios web site. If not, you might find it by searching the archives.
Good luck.
Garry W. Cook, CCNA
Network Infrastructure Manager
MACTEC, Inc. - http://www.mactec.com/
303.308.6228 (Office) - 720.220.1862 (Mobile)
[email protected] wrote:
> Devel Team,
>=20
> are you all thinking about a solutinon to this problema?
>=20
> I realy think it's a very important feature that nagios
> lacks. Why cannot
> Nagios handle the autentication by it self?
>=20
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole
> (.htaccess is also very unsafe).
>=20
> I hope it could be in Nagios 2.0.
>=20
>=20
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
>=20
>> Jason Martin writes:
>>=20
>>> It is actually a problem with the HTTP Spec
>>=20
>> Not really. The spec provides a simple means of authenticating
>> yourself. In many cases it is reasonable to assume that you will
>> want to keep on authenticating yourself. In some situations you
>> need to be able to logout, and then it is up to the website to use a
>> different means of authentication.=20
>>=20
>> Yahoo, Hotmail and many other sites all use a different means of
>> authentication so people can logout, because these are services that
>> are often accessed from internet cafes or library internet
>> terminals. Most people who use Nagios have little need to be able
>> to logout, so it was reasonable for Ethan to use the HTTP
>> authentiaction mechanism.=20
>>=20
>>> once a password is provided for a security realm, there isn't a way
>>> to get the server to 'forget' it.
>>=20
>> It is the browser that remembers the credentials, not the server.=20
>> You may be able to fiddle it with a sub-directory which has a
>> .htaccess defining the same realm but pointing to an empty password
>> file. Going to a page there may cause the browser to put up another
>> login box, which will fail, then the password is forgotten. Clumsy,
>> but not as clumsy as restarting your browser.=20
>>=20
>> --
>> Paul Allen
>> Softflare Support
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]