Re: [Nagios-devel] Nagios - Attribute based authorization
Posted: Tue Dec 14, 2010 9:47 am
2010-12-13 13:46 keltez=C3=A9ssel, Andreas Ericsson =C3=ADrta:
> On 12/13/2010 01:15 PM, V=C3=A1g=C3=B3 Tibor wrote:
>> Hi Andreas,
>>
>> can U have a look at the new diff?
>>
>
> I've had a look. With this patch, what happens when someone tries to
> connect and the environment variable "entitlement" isn't set? It
> seems to me as if the code would then bomb out, forcing users to set
> up a bunch of variables they've never needed to before. That's not
> acceptable.
The following old configuration settings are overwriting the new=20
attribute based authorization. If U wouldn't like to use attribute=20
based authoriztaion then the following must be set:
authorized_for_system_information=3Dguest
authorized_for_configuration_information=3Dguest
authorized_for_system_commands=3Dguest
authorized_for_all_services=3Dguest
authorized_for_all_hosts=3Dguest
authorized_for_all_service_commands=3Dguest
authorized_for_all_host_commands=3Dguest
The attribute based authorization can be disabled if U comment out the=20
following line in cgi.cfg:
'authorization_config_file=3D/etc/niif/netm/cgiauth.cfg'
If U would like to use attribute based authorization then
- the settings must empty in cgi.cfg (listed above)
- 'entitlement' variable must be set
- 'authorization_config_file=3D/etc/niif/netm/cgiauth.cfg' must be=20
uncommented.
Feature plan:
- We'll change the attribute based variable from fix 'entitlement'=20
to adjustable in either config file. We'll designing it and send U a=20
new patch with the documentation.
> Also, the documentation part of the patch seems to be missing. The
> example config file contains some basic examples, but what they do
> isn't explained anywhere.
We'll make a more detailed documentation in 2011 Q1.
Best Regards,
Tibor
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> On 12/13/2010 01:15 PM, V=C3=A1g=C3=B3 Tibor wrote:
>> Hi Andreas,
>>
>> can U have a look at the new diff?
>>
>
> I've had a look. With this patch, what happens when someone tries to
> connect and the environment variable "entitlement" isn't set? It
> seems to me as if the code would then bomb out, forcing users to set
> up a bunch of variables they've never needed to before. That's not
> acceptable.
The following old configuration settings are overwriting the new=20
attribute based authorization. If U wouldn't like to use attribute=20
based authoriztaion then the following must be set:
authorized_for_system_information=3Dguest
authorized_for_configuration_information=3Dguest
authorized_for_system_commands=3Dguest
authorized_for_all_services=3Dguest
authorized_for_all_hosts=3Dguest
authorized_for_all_service_commands=3Dguest
authorized_for_all_host_commands=3Dguest
The attribute based authorization can be disabled if U comment out the=20
following line in cgi.cfg:
'authorization_config_file=3D/etc/niif/netm/cgiauth.cfg'
If U would like to use attribute based authorization then
- the settings must empty in cgi.cfg (listed above)
- 'entitlement' variable must be set
- 'authorization_config_file=3D/etc/niif/netm/cgiauth.cfg' must be=20
uncommented.
Feature plan:
- We'll change the attribute based variable from fix 'entitlement'=20
to adjustable in either config file. We'll designing it and send U a=20
new patch with the documentation.
> Also, the documentation part of the patch seems to be missing. The
> example config file contains some basic examples, but what they do
> isn't explained anywhere.
We'll make a more detailed documentation in 2011 Q1.
Best Regards,
Tibor
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]