Multi-Tenancy

Posted: Thu Feb 03, 2011 1:04 pm
by tdenham735
Hello,

Recently I set up Nagios XI to allow for separate logins and views simulating two of our customers. This way customer1 can log in and cannot see customer2, etc... This works just fine in Nagios XI... I simply browse to http://172.16.130.77 and all appears to work as expected. We were excited to know we can now set up individual logins to display private customer stats and views.

Unfortunately I recently found that, if logged in as customer1, if I append (nagios) to the Nagios XI link, http://172.16.130.77/nagios, I can see the old familiar Nagios screen, but also I can see everything in Nagios. This seems to defeat the whole reason for having separate logins.

Is there a recommended fix to prevent customers from seeing each other's data?

Thanks!

Re: Multi-Tenancy

Posted: Thu Feb 03, 2011 2:03 pm
by rdedon
Hello,
I duplicated this locally and found out why. Firefox is caching the information, as when I cleared it, it worked as intended. I can see how this would definitely raise an eyebrow though!

:-)

Re: Multi-Tenancy

Posted: Thu Feb 03, 2011 3:33 pm
by admin
Here's the root cause of the problem...

Nagios Core (accessed at http://localhost/nagios) uses HTTP Basic authentication, while Nagios XI uses session-based authentication.

In Nagios XI you can log out of one account and log in to another. XI will only show the hosts/services that the currently logged in user should see.

However, if a user logs into Nagios Core using HTTP Basic authentication, there is no way to clear the credentials that get cached by the client's web browser. They have to close their web browser to completely "log out" of Nagios Core (e.g. destroy the cached credentials). This is a limitation of Nagios Core.

You could potentially prevent people from accessing Nagios Core directly by modifying the /etc/httpd/conf.d/nagios.conf file and uncommenting the "Order", "Deny", and "Allow" statements. If you do this, make sure you have an "Allow from 127.0.0.1" statement, or Nagios XI won't be able to access Core.

Hope that helps.
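A way to check the result of the change described in the post above, as an added example that is not part of the original thread or of Nagios itself. The two config samples, the directory path and the `audit` helper are constructed for illustration and assume Apache 2.2 access-control syntax; your nagios.conf may be laid out differently.

```python
import re

# Constructed sample (hypothetical path): Core is reachable by every client.
STOCK = '''
<Directory "/usr/local/nagios/share">
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
   AuthType Basic
   Require valid-user
</Directory>
'''

# Constructed sample after the change: only the XI host itself may reach Core.
LOCKED = '''
<Directory "/usr/local/nagios/share">
#  Order allow,deny
#  Allow from all
   Order deny,allow
   Deny from all
   Allow from 127.0.0.1
   AuthType Basic
   Require valid-user
</Directory>
'''

BLOCK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def audit(conf):
    """Return {directory: [problems]} for each <Directory> block in conf."""
    report = {}
    for path, body in BLOCK.findall(conf):
        # Commented-out directives have no effect, so only active lines count.
        active = [" ".join(l.split()).lower() for l in body.splitlines()
                  if l.strip() and not l.lstrip().startswith("#")]
        hosts = [h for l in active if l.startswith("allow from ")
                 for h in l.split()[2:]]
        problems = []
        if "order deny,allow" not in active:
            problems.append("Order is not deny,allow")
        if "deny from all" not in active:
            problems.append("no active 'Deny from all'")
        if "127.0.0.1" not in hosts:
            problems.append("127.0.0.1 not allowed, XI cannot reach Core")
        if any(h != "127.0.0.1" for h in hosts):
            problems.append("a source other than 127.0.0.1 is still allowed")
        report[path] = problems
    return report
```

Run `audit()` on the contents of /etc/httpd/conf.d/nagios.conf after editing it; an empty list for every directory means only the local host can reach Core. A leftover active "Allow from all" is reported, because with `Order deny,allow` it would still admit every client.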

Re: Multi-Tenancy

Posted: Thu Feb 03, 2011 4:15 pm
by tdenham735
Interesting about the caching...

I'll give the "Order", "Deny", and "Allow" statements a try and see what happens.

Thanks!

Re: Multi-Tenancy

Posted: Thu Feb 03, 2011 4:50 pm
by rdedon
Feel free to contact us if you have any issues with this or any questions.

Thanks!