Ethan Galstad wrote:
>
> I prefer using the proposed config file solution to store passwords,
> etc. over the idea of passing this info via stdin. In my opinion, the
> config file option is a much simpler/elegant solution.
>
Agreed.
> It requires no mods to the Nagios daemon or plugin API. Super-secret
> info can be stored in the config file and locked down with standard file
> permissions. And a standard library/function set can be created to
> allow Perl/C plugins to grab their appropriate entries out of the config
> file.
>
Agreed again.
> Now that I'm thinking about it, this type of file format seems like it
> must be used by a number of apps. There's probably a GPL'ed library out
> there that can read/write config entries to a file in the proposed format.
>
Yup, although it's not likely any API needs to actually write the files.
Explaining to a user how to use a tool to configure their other tools
is often harder than it is to just say "make sure your config has
foo = bar
in the nitfol section".
I've got such a library which reads configs in the style of
section-name {
variable = value
}
in a very generic way. I'd be happy to share it if anyone's interested.
> As for loosing the ability to keep private information in the Nagios
> host/service definitions... I guess that's a good reason to make sure
> the monitoring server isn't used by normal users. If its a dedicated
> box, it shouldn't matter what information is being passed on the command
> lines between the daemon and the plugins.
>
There's no real difference between having the private info in the nagios
config or a separate file. If any, it'd be safer to have it in a
separate file, as it'd be clear that that file needs protecting.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]