Re: [Nagios-devel] Re: [Nagios-users] Re: How to Loggout?
Posted: Fri Jun 04, 2004 6:13 am
This I have to strongly disagree with. A logout page is something that can b=
e
done by you as there are numerous apache docs on user logout.
However letting the web server do the auth is the best way to accomplish tha=
t
task. We use Nagios as part of an overall Noc Website that includes docs and
other infromation. We integrate the nagios status screens and urls inside th=
at
site and use one login across the whole site. Since nagios reads the
authenticated user I don't have to configure two seperate authentication
systems. On top of that we are now moving to apache with an LDAP back end
authentication. There are several different apache modules for authenticatin=
g
anyone anywhere anyway you want and to bring that burden on Nagios I think
would be a mistake.
just my .02
Derrick
Quoting Leonardo Henrique Machado :
>
> Devel Team,
>
> are you all thinking about a solutinon to this problema?
>
> I realy think it's a very important feature that nagios lacks. Why cannot
> Nagios handle the autentication by it self?
>
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole (.htaccess
> is also very unsafe).
>
> I hope it could be in Nagios 2.0.
>
>
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
>
> > Jason Martin writes:
> >
> > > It is actually a problem with the HTTP Spec
> >
> > Not really. The spec provides a simple means of authenticating yourself=
.
> > In many cases it is reasonable to assume that you will want to keep on
> > authenticating yourself. In some situations you need to be able to logo=
ut,
> > and then it is up to the website to use a different means of
> authentication.
> >
> > Yahoo, Hotmail and many other sites all use a different means of
> > authentication so people can logout, because these are services that are
> > often accessed from internet cafes or library internet terminals. Most
> > people who use Nagios have little need to be able to logout, so it was
> > reasonable for Ethan to use the HTTP authentiaction mechanism.
> >
> > > once a password is provided for a security realm, there isn't a way to
> > > get the server to 'forget' it.
> >
> > It is the browser that remembers the credentials, not the server. You
> > may be able to fiddle it with a sub-directory which has a .htaccess
> > defining the same realm but pointing to an empty password file. Going
> > to a page there may cause the browser to put up another login box, which
> > will fail, then the password is forgotten. Clumsy, but not as clumsy as
> > restarting your browser.
> >
> > --
> > Paul Allen
> > Softflare Support
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by the new InstallShield X.
> > >From Windows to Linux, servers to mobile, InstallShield X is the one
> > installation-authoring solution that does it all. Learn more and
> > evaluate today! http://www.installshield.com/Dev2Dev/0504
> > _______________________________________________
> > Nagios-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/lis ... gios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
> --
> Leonardo Henrique Machado
> =DAltimo Per=EDodo em Ci=EAncia da Computacao
> Universidade Federal de Minas Gerais
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
> installation-authoring solution that does it all. Learn more and
> evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> Nagios-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
e
done by you as there are numerous apache docs on user logout.
However letting the web server do the auth is the best way to accomplish tha=
t
task. We use Nagios as part of an overall Noc Website that includes docs and
other infromation. We integrate the nagios status screens and urls inside th=
at
site and use one login across the whole site. Since nagios reads the
authenticated user I don't have to configure two seperate authentication
systems. On top of that we are now moving to apache with an LDAP back end
authentication. There are several different apache modules for authenticatin=
g
anyone anywhere anyway you want and to bring that burden on Nagios I think
would be a mistake.
just my .02
Derrick
Quoting Leonardo Henrique Machado :
>
> Devel Team,
>
> are you all thinking about a solutinon to this problema?
>
> I realy think it's a very important feature that nagios lacks. Why cannot
> Nagios handle the autentication by it self?
>
> We could also have an admin interface to let the contacts change their
> passwords. I don't think that the it would be a security hole (.htaccess
> is also very unsafe).
>
> I hope it could be in Nagios 2.0.
>
>
> On Fri, 4 Jun 2004, Paul L. Allen wrote:
>
> > Jason Martin writes:
> >
> > > It is actually a problem with the HTTP Spec
> >
> > Not really. The spec provides a simple means of authenticating yourself=
.
> > In many cases it is reasonable to assume that you will want to keep on
> > authenticating yourself. In some situations you need to be able to logo=
ut,
> > and then it is up to the website to use a different means of
> authentication.
> >
> > Yahoo, Hotmail and many other sites all use a different means of
> > authentication so people can logout, because these are services that are
> > often accessed from internet cafes or library internet terminals. Most
> > people who use Nagios have little need to be able to logout, so it was
> > reasonable for Ethan to use the HTTP authentiaction mechanism.
> >
> > > once a password is provided for a security realm, there isn't a way to
> > > get the server to 'forget' it.
> >
> > It is the browser that remembers the credentials, not the server. You
> > may be able to fiddle it with a sub-directory which has a .htaccess
> > defining the same realm but pointing to an empty password file. Going
> > to a page there may cause the browser to put up another login box, which
> > will fail, then the password is forgotten. Clumsy, but not as clumsy as
> > restarting your browser.
> >
> > --
> > Paul Allen
> > Softflare Support
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by the new InstallShield X.
> > >From Windows to Linux, servers to mobile, InstallShield X is the one
> > installation-authoring solution that does it all. Learn more and
> > evaluate today! http://www.installshield.com/Dev2Dev/0504
> > _______________________________________________
> > Nagios-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/lis ... gios-users
> > ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> > ::: Messages without supporting info will risk being sent to /dev/null
> >
>
> --
> Leonardo Henrique Machado
> =DAltimo Per=EDodo em Ci=EAncia da Computacao
> Universidade Federal de Minas Gerais
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
> installation-authoring solution that does it all. Learn more and
> evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> Nagios-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]