On 05.09.2013 21:27, Schmiechen, Sarah wrote: > Hi again, > > Would it be possible even to separate them onto different virtual > machines? Is it possible to access the idoutils from a second machine? Or > would you recommend different web servers, but on the same machine?
it's a database - so depending on your firewall policies you may allow a different host to access it (i.e. with a readonly user). commands shouldn't be sent by public dashboards anyways. i'd use a different vm publicly exposed. but that's personal taste and sometimes not possible. > > Thanks, > Sarah > > -- > SWAMP Developer, High Throughput Computing Group > Indiana University Research Technologies division of UITS; Research > Technologies is a PTI Cyberinfrastructure& Service Center. > > > > > > > On 8/14/13 6:17 AM, "Michael Friedrich"<[email protected]> > wrote: > >> On 13.08.2013 16:33, Schmiechen, Sarah wrote: >>> Thanks Michael. >>> >>> If I do a second installation that I want to be completely public, can >>> I just bypass this and turn off authentication altogether? It doesn't >>> seem that I can turn off internal authentication without getting an >>> error. We want this dashboard to be completely public, not restricted by >>> IP or anything like that. >> >> "disabling" the internal authentication is done by using a different >> auth provider (like http basic auth) and taking care of the >> authentication variables yourself. >> >> having basic auth, you'll get the popup for login and cannot proceed if >> incorrect information is entered. though, telling apache to use >> SatisfyAny may allow access from different authentication methods than >> plain basic http auth. you'll just need to take care of the required >> variable REMOTE_USER (as for example the classic ui requires that >> attribute to match on the contacts and authorization). >> >> Tricks like SetEnvIf may help here as well, for details refer to the >> apache documentation. >> >> Other than that, it would be reasonable to just disable the >> authentication in your apache configuration, and just passing the >> default user name. >> >>> >>> Would it make sense to insert a link in the UI from the public >>> installation to the protected instance's login screen, and then redirect >>> on logout from the protected instance to the public instance, to >>> simulate logging in and out of one instance? >> >> I would hide the protected interface's url at all cost. no public >> access, and likely put on a different webserver too. the public one >> should only be exposed on a webserver being prepared for that traffic. >> and it should get a different idoutils db user (grants for select and >> execute only) having only read privilegues. further you may keep an eye >> on the amount of data queries (monitor the public interface). people >> tend to do crazy things with websites, especially when they think they >> are "funny" making the sysadmins angry. >> >> kind regards, >> michael >> -- >> DI (FH) Michael Friedrich >> >> mail: [email protected] >> twitter: https://twitter.com/dnsmichi >> jabber: [email protected] >> irc: irc.freenode.net/icinga dnsmichi >> >> icinga open source monitoring >> position: lead core developer >> url: https://www.icinga.org >> >> -------------------------------------------------------------------------- >> ---- >> Get 100% visibility into Java/.NET code with AppDynamics Lite! >> It's a free troubleshooting tool designed for production. >> Get down to code-level detail for bottlenecks, with<2% overhead. >> Download for free and get started troubleshooting in minutes. >> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktr >> k >> _______________________________________________ >> icinga-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/icinga-users > > > ------------------------------------------------------------------------------ > Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! > Discover the easy way to master current and previous Microsoft technologies > and advance your career. Get an incredible 1,500+ hours of step-by-step > tutorial videos with LearnDevNow. Subscribe today and save! > http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk > _______________________________________________ > icinga-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/icinga-users -- DI (FH) Michael Friedrich mail: [email protected] twitter: https://twitter.com/dnsmichi jabber: [email protected] irc: irc.freenode.net/icinga dnsmichi icinga open source monitoring position: lead core developer url: https://www.icinga.org ------------------------------------------------------------------------------ Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more! Discover the easy way to master current and previous Microsoft technologies and advance your career. Get an incredible 1,500+ hours of step-by-step tutorial videos with LearnDevNow. Subscribe today and save! http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk _______________________________________________ icinga-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/icinga-users
