On 13.08.2013 16:33, Schmiechen, Sarah wrote: > Thanks Michael. > > If I do a second installation that I want to be completely public, can I just > bypass this and turn off authentication altogether? It doesn't seem that I > can turn off internal authentication without getting an error. We want this > dashboard to be completely public, not restricted by IP or anything like that.
"disabling" the internal authentication is done by using a different auth provider (like http basic auth) and taking care of the authentication variables yourself. having basic auth, you'll get the popup for login and cannot proceed if incorrect information is entered. though, telling apache to use SatisfyAny may allow access from different authentication methods than plain basic http auth. you'll just need to take care of the required variable REMOTE_USER (as for example the classic ui requires that attribute to match on the contacts and authorization). Tricks like SetEnvIf may help here as well, for details refer to the apache documentation. Other than that, it would be reasonable to just disable the authentication in your apache configuration, and just passing the default user name. > > Would it make sense to insert a link in the UI from the public installation > to the protected instance's login screen, and then redirect on logout from > the protected instance to the public instance, to simulate logging in and out > of one instance? I would hide the protected interface's url at all cost. no public access, and likely put on a different webserver too. the public one should only be exposed on a webserver being prepared for that traffic. and it should get a different idoutils db user (grants for select and execute only) having only read privilegues. further you may keep an eye on the amount of data queries (monitor the public interface). people tend to do crazy things with websites, especially when they think they are "funny" making the sysadmins angry. kind regards, michael -- DI (FH) Michael Friedrich mail: [email protected] twitter: https://twitter.com/dnsmichi jabber: [email protected] irc: irc.freenode.net/icinga dnsmichi icinga open source monitoring position: lead core developer url: https://www.icinga.org ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ icinga-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/icinga-users
