Re: [Nagios-devel] Nagios patch - x509 cert authentication
Posted: Tue Jul 22, 2008 6:24 am
--nextPart1450781.L7ru4c0iUd
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Tuesday 22 of July 2008 16:03:39 Jim Perrin wrote:
> On Tue, Jul 22, 2008 at 9:59 AM, Pawel Zuzelski wrote:
> > Hi all,
> >
> > I have patched nagios cgi to enable certificate based authentication.
> >
> > In order to enable SSL authentication one have to set:
> > use_ssl_authentication =3D 1
> > in cgi.cfg config file, so this patch does not affect default behavior =
of
> > nagios.
>
> Excellent! One question though. How is this different from using SSL
> certificate authentication via mod_ssl with FakeBasicAuth?
Most important differences are
* nagios admin does not have to add new users to htpasswd file (or some so=
rt=20
of authn database).
* user's id is commonName (which may be his real name), not DN.
Pawe=C5=82 Zuzelski
=2D-=20
TouK sp. z o.o. s.k.a. tel: +48664282776, +48225761854, jid:pzz@touk.=
pl
SSL root cert: http://cert.touk.pl/
SHA1 fingerprint: 4A:AC:7F:DA:54:B0:89:AE:D9:CD:B1:5E:95:88:BD:FD:B4:5E:1F:=
92
--nextPart1450781.L7ru4c0iUd
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIDHzCCAxsw
ggKEoAMCAQICCQCplhT2dFISIDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJQTDERMA8GA1UE
BxMIV2Fyc3phd2ExHzAdBgNVBAoTFlRvdUsgU3AuIHogby5vLiBzLmsuYS4xEDAOBgNVBAMTB1Rv
dUsgQ0ExGzAZBgkqhkiG9w0BCQEWDGNlcnRAdG91ay5wbDAeFw0wODA1MjAxNDUwMDlaFw0wOTA1
MjAxNDUwMDlaMGMxCzAJBgNVBAYTAlBMMR8wHQYDVQQKExZUb3VLIFNwLiB6IG8uby4gcy5rLmEu
MRcwFQYDVQQDEw5QYXdlbCBadXplbHNraTEaMBgGCSqGSIb3DQEJARYLcHp6QHRvdWsucGwwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPulLq8N3TK3iRqtTNAQzu900/abNHPuILYoCL0YHMdg
eHto4m9kXuyETJcvDMqtsTifYtExHLjT1ZAvH60K7lSk8quzEmCsF7cbl2yjwMV8Txd2/5tzxlQT
gVx8OxfHrhHyimFhAl5Y63VJJwktXeD1XPikB+JITBSaUwuz7ExxAgMBAAGjgckwgcYwCQYDVR0T
BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
BBYEFAEvLd9SN9qaKZFp4D15eYcFl0U/MB8GA1UdIwQYMBaAFAU5GX6n7dnxcDhy72TLW95XtU/J
MCgGCWCGSAGG+EIBBAQbFhlodHRwOi8vdG91ay5wbC9jYS1jcmwucGVtMCEGCWCGSAGG+EIBAwQU
FhJodHRwOi8vdG91ay5wbC9jcmwwDQYJKoZIhvcNAQEFBQADgYEAZHCSv8OFEDV3LMa6GQRlqywD
+EWXsBDs89Tv+7BFiyIKH3gyY8OdZAKLmYtL4OOdKTErOxHT6DBZxvzKjqWSvdx0mjjKsECwZ7SV
b5pJ3AoYLon9vZD5lkngIvRZtUQxrlxXt9uBGK0PzfUrUBNfoWHeOt3U0PaBpsOj87i8ctAxggGt
MIIBqQIBATB9MHAxCzAJBgNVBAYTAlBMMREwDwYDVQQHEwhXYXJzemF3YTEfMB0GA1UEChMWVG91
SyBTcC4geiBvLm8uIHMuay5hLjEQMA4GA1UEAxMHVG91SyBDQTEbMBkGCSqGSIb3DQEJARYMY2Vy
dEB0b3VrLnBsAgkAqZYU9nRSEiAwBwYFKw4DAhqggYswGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDgwNzIyMTQyNDIyWjAjBgkqhkiG9w0BCQQxFgQUwIphYjMDBdOj
bxVTSgMGaByVuMgwLAYJKoZIhvcNAQkPMR8wHTANBglghkgBZQMEAQIFADAMBggqhkiG9w0DBwUA
MAsGCSqGSIb3DQEBAQSBgOfW60oyiGYvmuD+E8+DpJ+kRpSSVlgcV6K59z2n1u9LOjwJszy8+B1N
Wt3QzCdq4WsQMpigHDfgzvhtVKpHaz1Ygd4rZptHVcYdwuRNHV1SW5KU/lzBy8FDXzFs4y8x5A/1
ExIrUzTjCu/yj/jsBFkygMOtMxZmfqB/F7+3xY2xAAAAAAAA
--nextPart1450781.L7ru4c0iUd--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Tuesday 22 of July 2008 16:03:39 Jim Perrin wrote:
> On Tue, Jul 22, 2008 at 9:59 AM, Pawel Zuzelski wrote:
> > Hi all,
> >
> > I have patched nagios cgi to enable certificate based authentication.
> >
> > In order to enable SSL authentication one have to set:
> > use_ssl_authentication =3D 1
> > in cgi.cfg config file, so this patch does not affect default behavior =
of
> > nagios.
>
> Excellent! One question though. How is this different from using SSL
> certificate authentication via mod_ssl with FakeBasicAuth?
Most important differences are
* nagios admin does not have to add new users to htpasswd file (or some so=
rt=20
of authn database).
* user's id is commonName (which may be his real name), not DN.
Pawe=C5=82 Zuzelski
=2D-=20
TouK sp. z o.o. s.k.a. tel: +48664282776, +48225761854, jid:pzz@touk.=
pl
SSL root cert: http://cert.touk.pl/
SHA1 fingerprint: 4A:AC:7F:DA:54:B0:89:AE:D9:CD:B1:5E:95:88:BD:FD:B4:5E:1F:=
92
--nextPart1450781.L7ru4c0iUd
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIDHzCCAxsw
ggKEoAMCAQICCQCplhT2dFISIDANBgkqhkiG9w0BAQUFADBwMQswCQYDVQQGEwJQTDERMA8GA1UE
BxMIV2Fyc3phd2ExHzAdBgNVBAoTFlRvdUsgU3AuIHogby5vLiBzLmsuYS4xEDAOBgNVBAMTB1Rv
dUsgQ0ExGzAZBgkqhkiG9w0BCQEWDGNlcnRAdG91ay5wbDAeFw0wODA1MjAxNDUwMDlaFw0wOTA1
MjAxNDUwMDlaMGMxCzAJBgNVBAYTAlBMMR8wHQYDVQQKExZUb3VLIFNwLiB6IG8uby4gcy5rLmEu
MRcwFQYDVQQDEw5QYXdlbCBadXplbHNraTEaMBgGCSqGSIb3DQEJARYLcHp6QHRvdWsucGwwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPulLq8N3TK3iRqtTNAQzu900/abNHPuILYoCL0YHMdg
eHto4m9kXuyETJcvDMqtsTifYtExHLjT1ZAvH60K7lSk8quzEmCsF7cbl2yjwMV8Txd2/5tzxlQT
gVx8OxfHrhHyimFhAl5Y63VJJwktXeD1XPikB+JITBSaUwuz7ExxAgMBAAGjgckwgcYwCQYDVR0T
BAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
BBYEFAEvLd9SN9qaKZFp4D15eYcFl0U/MB8GA1UdIwQYMBaAFAU5GX6n7dnxcDhy72TLW95XtU/J
MCgGCWCGSAGG+EIBBAQbFhlodHRwOi8vdG91ay5wbC9jYS1jcmwucGVtMCEGCWCGSAGG+EIBAwQU
FhJodHRwOi8vdG91ay5wbC9jcmwwDQYJKoZIhvcNAQEFBQADgYEAZHCSv8OFEDV3LMa6GQRlqywD
+EWXsBDs89Tv+7BFiyIKH3gyY8OdZAKLmYtL4OOdKTErOxHT6DBZxvzKjqWSvdx0mjjKsECwZ7SV
b5pJ3AoYLon9vZD5lkngIvRZtUQxrlxXt9uBGK0PzfUrUBNfoWHeOt3U0PaBpsOj87i8ctAxggGt
MIIBqQIBATB9MHAxCzAJBgNVBAYTAlBMMREwDwYDVQQHEwhXYXJzemF3YTEfMB0GA1UEChMWVG91
SyBTcC4geiBvLm8uIHMuay5hLjEQMA4GA1UEAxMHVG91SyBDQTEbMBkGCSqGSIb3DQEJARYMY2Vy
dEB0b3VrLnBsAgkAqZYU9nRSEiAwBwYFKw4DAhqggYswGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEH
ATAcBgkqhkiG9w0BCQUxDxcNMDgwNzIyMTQyNDIyWjAjBgkqhkiG9w0BCQQxFgQUwIphYjMDBdOj
bxVTSgMGaByVuMgwLAYJKoZIhvcNAQkPMR8wHTANBglghkgBZQMEAQIFADAMBggqhkiG9w0DBwUA
MAsGCSqGSIb3DQEBAQSBgOfW60oyiGYvmuD+E8+DpJ+kRpSSVlgcV6K59z2n1u9LOjwJszy8+B1N
Wt3QzCdq4WsQMpigHDfgzvhtVKpHaz1Ygd4rZptHVcYdwuRNHV1SW5KU/lzBy8FDXzFs4y8x5A/1
ExIrUzTjCu/yj/jsBFkygMOtMxZmfqB/F7+3xY2xAAAAAAAA
--nextPart1450781.L7ru4c0iUd--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]