Nagios XI and Nagvis Login Integration
Posted: Wed Jun 10, 2015 2:54 pm
Hello,
We are using Nagios XI 2014R2.7 and Nagvis 1.8.4, and are trying to integrate the user accounts, so that we do not have to maintain two username/password sets. We have tried two different ways to do this, but we are having issues with both.
Method 1: Switch the Nagvis authentication to use apache 'basic auth', by removing the comments from the following to the /etc/httpd/conf.d/nagvis.conf file:
When we used this method, we encountered a problem where authentication to Nagvis fails if the password contains a $ character (perhaps other special characters too), even though the Nagios XI authentication was successful. In fact, if you type the password up to but not including the $, the Nagvis authentication is then successful. The other problem we encountered with this method is the persistence of the Nagvis authentication. If you log out of Nagios XI, after a successful login to Nagvis, and then log in again as a different user (with the same web browser / PC), then you are sill logged into Nagvis with the previous user. As well, when we authenticate to Nagvis with this method, the 'logout' option in the Nagvis interface is absent, so there is no way to terminate the Nagvis session.
Method 2: Use the 'Old Style Authentication' as described here:
http://docs.nagvis.org/1.8/en_US/auth_old_style.html
In this case the /usr/local/nagvis/etc/nagvis.conf file is adjusted, as follows:
When we tried this method, we continually get a message that "The environment variable REMOTE_USER is not set or empty". Is the REMOTE_USER environment variable not set, when you log into Nagios XI, or has the Nagios XI authentication method changed?
Are we doing something wrong here, or is there another way to make this work?
Thank you,
Paul
We are using Nagios XI 2014R2.7 and Nagvis 1.8.4, and are trying to integrate the user accounts, so that we do not have to maintain two username/password sets. We have tried two different ways to do this, but we are having issues with both.
Method 1: Switch the Nagvis authentication to use apache 'basic auth', by removing the comments from the following to the /etc/httpd/conf.d/nagvis.conf file:
Code: Select all
AuthName "NagVis Access"
AuthType Basic
AuthUserFile /usr/local/nagiosxi/etc/htpasswd.users
Require valid-user
Method 2: Use the 'Old Style Authentication' as described here:
http://docs.nagvis.org/1.8/en_US/auth_old_style.html
In this case the /usr/local/nagvis/etc/nagvis.conf file is adjusted, as follows:
Code: Select all
; LogonEnv: It is possible to realise a fully "trusted" authentication
; mechanism like all previous NagVis versions used it before. This way the user
; is not really authenticated with NagVis. NagVis trusts the provided username
; implicitly. NagVis uses the configured environment variable to identify the
; user. You can add several authentication mechanisms to your webserver,
; starting from the basic authentication used by Nagios (.htaccess) to single
; sign-on environments.
; Simply set logonmodule to "LogonEnv", put the environment variable to use as
; username to the option logonenvvar and tell the authentication module to
; create users in the database when provided users does not exist. The option
; logonenvcreaterole tells the module to assign the new user to a specific role
; set to empty string to disable that behaviour.
logonmodule="LogonEnv"
;logonenvvar="PHP_AUTH_USER"
logonenvvar="REMOTE_USER"
logonenvcreateuser="1"
;logonenvcreaterole="Guests"
Are we doing something wrong here, or is there another way to make this work?
Thank you,
Paul