Page 1 of 1
Nagios CGI authorization
Posted: Fri Jan 31, 2014 1:38 pm
by rshankar93
Hey,
I am trying to modify the nagios configuration files to disable
authentication by cgi files. I have changed the use_authentication
variable in the cgi.cfg file to 0, and then restarted my web server and nagios instance. I
am hoping by doing this I can disable authentication checks for which
service details are available to which users. However, when I restart
the server I still don't see the information for all host services. Is
there something else I need to do?
Thanks!
Re: Nagios CGI authorization
Posted: Fri Jan 31, 2014 1:40 pm
by abrist
Are you logging in as nagiosadmin? Your user and the respective contact name will control which objects you can see.
Re: Nagios CGI authorization
Posted: Fri Jan 31, 2014 1:52 pm
by rshankar93
I am logged in as a different user. Is there a way where I can specify that the user should be able to see any service and host details? I thought disabling cgi authorization would do this.
Re: Nagios CGI authorization
Posted: Fri Jan 31, 2014 3:01 pm
by sreinhardt
The simplest way, is just to check the box in XI user management, that authorizes them to view all hosts and services. Messing with these other settings, could have far reaching unknown issues.
Re: Nagios CGI authorization
Posted: Fri Jan 31, 2014 3:37 pm
by rshankar93
Is that available on Nagios core? I am running Nagios core 3.5.1
Re: Nagios CGI authorization
Posted: Mon Feb 03, 2014 11:08 am
by abrist
rshankar93 wrote:Is that available on Nagios core?
Nope. Ignore him
Once authorization is disabled, you need to create a default user that is authorized for everything. See:
http://nagios.sourceforge.net/docs/3_0/cgiauth.html
Authentication On Secured Web Servers
If your web server is located in a secure domain (i.e., behind a firewall) or if you are using SSL, you can define a default username that can be used to access the CGIs. This is done by defining the default_user_name option in the CGI configuration file. By defining a default username that can access the CGIs, you can allow users to access the CGIs without necessarily having to authenticate to the web server. You may want to use this to avoid having to use basic web authentication, as basic authentication transmits passwords in clear text over the Internet.
Important: Do not define a default username unless you are running a secure web server and are sure that everyone who has access to the CGIs has been authenticated in some manner. If you define this variable, anyone who has not authenticated to the web server will inherit all rights you assign to this user!