[Nagios-devel] Nagios - Attribute based authorization

Vágó Tibor oreggin at niif.hu
Tue Dec 14 09:47:16 UTC 2010


On 2010-12-13 13:46, Andreas Ericsson wrote:
> On 12/13/2010 01:15 PM, Vágó Tibor wrote:
>> Hi Andreas,
>>
>> can U have a look at the new diff?
>>
>
> I've had a look. With this patch, what happens when someone tries to
> connect and the environment variable "entitlement" isn't set? It
> seems to me as if the code would then bomb out, forcing users to set
> up a bunch of variables they've never needed to before. That's not
> acceptable.

The following old configuration settings are overwriting the new 
attribute based authorization. If U wouldn't like to use attribute 
based authorization then the following must be set:

authorized_for_system_information=guest
authorized_for_configuration_information=guest
authorized_for_system_commands=guest
authorized_for_all_services=guest
authorized_for_all_hosts=guest
authorized_for_all_service_commands=guest
authorized_for_all_host_commands=guest

The attribute based authorization can be disabled if U comment out the 
following line in cgi.cfg:
'authorization_config_file=/etc/niif/netm/cgiauth.cfg'

If U would like to use attribute based authorization then
  - the settings must be empty in cgi.cfg (listed above)
  - 'entitlement' variable must be set
  - 'authorization_config_file=/etc/niif/netm/cgiauth.cfg' must be uncommented.

Feature plan:
  - We'll change the attribute based variable from the fixed 'entitlement' 
to adjustable in either config file. We'll design it and send U a 
new patch with the documentation.

> Also, the documentation part of the patch seems to be missing. The
> example config file contains some basic examples, but what they do
> isn't explained anywhere.

We'll make a more detailed documentation in 2011 Q1.

Best Regards,
Tibor
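
The message above describes three conditions for attribute based authorization and says the old authorized_for_* settings take precedence over it. The following is an added example, not code from the patch or from Nagios: a small check that reports which mode a cgi.cfg would end up in under those rules. The function names, the sample configs and the entitlement value are constructed for illustration.

```python
# Added example: classify a cgi.cfg per the rules stated in the message above.
LEGACY_KEYS = (
    "authorized_for_system_information",
    "authorized_for_configuration_information",
    "authorized_for_system_commands",
    "authorized_for_all_services",
    "authorized_for_all_hosts",
    "authorized_for_all_service_commands",
    "authorized_for_all_host_commands",
)

def parse_cgi_cfg(text):
    """Return {key: value} for active (uncommented) key=value lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def authorization_mode(cfg_text, environ):
    """Return (mode, problems); mode is 'legacy', 'attribute' or 'misconfigured'."""
    settings = parse_cgi_cfg(cfg_text)
    if not settings.get("authorization_config_file"):
        return "legacy", []  # line commented out: attribute based auth disabled
    problems = []
    still_set = sorted(k for k in LEGACY_KEYS if settings.get(k))
    if still_set:
        problems.append("old settings still set and take precedence: "
                        + ", ".join(still_set))
    if not environ.get("entitlement"):
        problems.append("'entitlement' variable is not set")
    return ("misconfigured" if problems else "attribute"), problems

# Constructed sample inputs (not taken from a real installation).
SAMPLE_LEGACY = "\n".join(
    ["#authorization_config_file=/etc/niif/netm/cgiauth.cfg"]
    + [k + "=guest" for k in LEGACY_KEYS])
SAMPLE_ATTRIBUTE = "\n".join(
    ["authorization_config_file=/etc/niif/netm/cgiauth.cfg"]
    + [k + "=" for k in LEGACY_KEYS])

if __name__ == "__main__":
    print(authorization_mode(SAMPLE_LEGACY, {}))
    print(authorization_mode(SAMPLE_ATTRIBUTE, {"entitlement": "constructed-value"}))
    print(authorization_mode(SAMPLE_ATTRIBUTE, {}))
```

The third call shows the case raised in the quoted review: the config file is enabled but the request carries no 'entitlement' variable.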



