Auto-logging in through the web

I’m using Nagios to monitor a “demo network” to display to the clients so that they give us more money for montioring and we’re linking to the nagios page from our main website.

The problem is that we don’t want the clients to have to log in twice, once to our page and once when they click the link to our page.

I tried nagios:[email protected]/nagios but for some reason that only works with Maxthon and Firefox, IE doesn’t like that.

Is there a way to log in through the web through a link so that the dialog doesn’t display? Logging in twice is unattractive.

You could set all of the following in cgi.cfg, assuming that you have nagios running as the nagios user/group:

use_authentication=1
default_user_name=nagios
authorized_for_system_information=nagios
authorized_for_configuration_information=nagios
authorized_for_all_services=nagios
authorized_for_all_hosts=nagios
authorized_for_all_service_commands=nagios
authorized_for_all_host_commands=nagios

I’d recommend not setting:

authorized_for_system_commands=nagios

so that they can’t stop your demo.

Mind you, this is VERY insecure, but if it is simply a demonstration page you probably aren’t worried about who looks at it. Be absolutely sure to disable external commands, else your server might get owned! In nagios.cfg:

check_external_commands=0

This means that they can’t enable/disable any service checks, but at least they can see your pretty nagios screens.

-mike

if you don’t have problemsa on authorization isn’t it easier to get rid of the htpasswd file and give everyone all authorizations and have nagios restart every 10 minutes or so? (possibly from a clean standard config)
So they can test everything… and do no harm.

Luca

Yeah, in the docs it shows you how to set up access to the web interface before it shows you how to set up authentication, so if you’ve already taken care of authentication, then you shouldn’t need it again…unless, of course, I’m missing something.
Edited Thu Dec 29 2005, 06:25PM ]

Well, I think I might have misstated my problem. Let me have another go at it.

I have authentication working perfectly, my.web.page/nagios brings up a dialog box asking for login name and password and that all properly works.

The problem is that I’m trying to figure out how to pass the login credentials to nagios through a link from another webpage. The clients will never see that my machine exists. They’ll reach it through another page.

For example, if you were to log into an ftp through IE without seeing the dialog box asking for login credentials you would type the following:

Ftp://loginname:[email protected]

Now I tried molding that to work for Nagios so that it would look like this:

nagioslogin:[email protected]/nagios

And it works perfectly! Except when you’re using Internet Explorer. Internet explorer doesn’t like this silly idea of logging in through links. So I was wondering if someone knew another way of formatting the link.
e.g.
my.web.site/nagios?login=nagios&pass=password

=/ Perhaps I need to come up with a different authentication method than Apache2 .htaccess files.

As some of the others have stated, simply don’t use authentication for this demo nagios setup. Create your link to nagios on your website and be done with it.

Well, if I disable all authentication, ( We only want the demo login to be able to montior demo equipment, which it is doing fine right now ) how do I login as nagiosadmin to actually do some administration on the real machines?

I guess your first post was not entirely accurate then? I quote:"I’m using Nagios to monitor a “demo network”"
So now you say that is not true? If so, then you are going to have to use authentication, or else you will have your entire setup open for anyone to administer. Choice is your’s I suppose.

What about using [email protected]/nagios for your link and then make the password blank? Of course, you would make user guest so that they have no authority to do anything but look.
Edited Sat Dec 31 2005, 02:58PM ]