use_ssl_authentication=1 and use_authentication=1



Using these two settings at the same time cause problem. I have to disable either one in cgi.cfg even though
on my apache web server I can have both type of authentication at the same time. Is this issue documented?

By causing problem, I mean that my browser is authenticated to the web server but nagios says "It appears you don’t have permission … "

Relevant part of apache config for the virtual host that is dedicated to only nagios

SSLVerifyClient require
SSLVerifyDepth 1
SSLCACertificateFile /etc/pki/ca.crt.crl
SSLCARevocationFile /etc/pki/ca.crt.crl

ScriptAlias /nagios/cgi-bin “/usr/local/nagios/sbin/”

LogLevel Notice

Order allow,deny
Allow from all
AuthType Digest
AuthName "Nagios Access"
AuthUserFile /etc/httpd/conf/digest_passwd
Require valid-user

Notice that “ca.crt.crl” is my own private CA cert and the client certificate used by my browser has been signed with CA key.

Of course, even if I set either config option in the subject line of this post to 0, apache makes you respect these apache authentication directives.

in nagios’ cgi.cfg all “authorized_for_” section has been set to * Actually I first set to just the username of webserver authenication data
which is also the same as what are in these “authorized_for_” lines.

Thanks for your feedback