I've seen reference to using the SSL certificate authentication performed by httpd to drive Nagios user identification -- the LCG wiki at https://twiki.cern.ch/twiki/bin/view/LCG/GridMonitoringNagiosInstall mentions a form of this. I'd like to go a step further and use one of the environment variables (specifically SSL_CLIENT_S_DN_CN) defined by mod_ssl to specify the user name. This is primarily driven by a number of issues -- well outside the scope of this list -- springing from the DoD's use of this certificate component. The basic idea is to set an environment variable, say, USERNAME, to SSL_CLIENT_S_DN_CN when mod_ssl builds the session, and have Nagios honor it as trusted and assign roles/capabilities to it in the usual places. As an example see Numara Footprints' use of $USERNAME, which it expects mod_ssl to populate when the auth method is "external". Does anyone else do this?
--
Sincerely,
Owen LaGarde
Senior Systems Administrator
[EMAIL PROTECTED]
1-800-522-6937 x4879
Engineering Research and Development Center
attn: CEERD-IH-C (Owen LaGarde)
3909 Halls Ferry Road
Vicksburg, MS 39180-6199
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
