Hi again, Would it be possible even to separate them onto different virtual machines? Is it possible to access the idoutils from a second machine? Or would you recommend different web servers, but on the same machine?
Thanks, Sarah -- SWAMP Developer, High Throughput Computing Group Indiana University Research Technologies division of UITS; Research Technologies is a PTI Cyberinfrastructure & Service Center. On 8/14/13 6:17 AM, "Michael Friedrich" <[email protected]> wrote: >On 13.08.2013 16:33, Schmiechen, Sarah wrote: >> Thanks Michael. >> >> If I do a second installation that I want to be completely public, can >>I just bypass this and turn off authentication altogether? It doesn't >>seem that I can turn off internal authentication without getting an >>error. We want this dashboard to be completely public, not restricted by >>IP or anything like that. > >"disabling" the internal authentication is done by using a different >auth provider (like http basic auth) and taking care of the >authentication variables yourself. > >having basic auth, you'll get the popup for login and cannot proceed if >incorrect information is entered. though, telling apache to use >SatisfyAny may allow access from different authentication methods than >plain basic http auth. you'll just need to take care of the required >variable REMOTE_USER (as for example the classic ui requires that >attribute to match on the contacts and authorization). > >Tricks like SetEnvIf may help here as well, for details refer to the >apache documentation. > >Other than that, it would be reasonable to just disable the >authentication in your apache configuration, and just passing the >default user name. > >> >> Would it make sense to insert a link in the UI from the public >>installation to the protected instance's login screen, and then redirect >>on logout from the protected instance to the public instance, to >>simulate logging in and out of one instance? > >I would hide the protected interface's url at all cost. no public >access, and likely put on a different webserver too. the public one >should only be exposed on a webserver being prepared for that traffic. >and it should get a different idoutils db user (grants for select and >execute only) having only read privilegues. further you may keep an eye >on the amount of data queries (monitor the public interface). people >tend to do crazy things with websites, especially when they think they >are "funny" making the sysadmins angry. > >kind regards, >michael >-- >DI (FH) Michael Friedrich > >mail: [email protected] >twitter: https://twitter.com/dnsmichi >jabber: [email protected] >irc: irc.freenode.net/icinga dnsmichi > >icinga open source monitoring >position: lead core developer >url: https://www.icinga.org > >-------------------------------------------------------------------------- >---- >Get 100% visibility into Java/.NET code with AppDynamics Lite! >It's a free troubleshooting tool designed for production. >Get down to code-level detail for bottlenecks, with <2% overhead. >Download for free and get started troubleshooting in minutes. >http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktr >k >_______________________________________________ >icinga-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/icinga-users ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk _______________________________________________ icinga-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/icinga-users
