New Apache mod_auth patch for cacti
Moderators: Developers, Moderators
New Apache mod_auth patch for cacti
Hello,
I made a small patch for cacti-0.8.6f to use the mod_auth from apache in the following way.
When you are logged in via mod_auth the username is taken and used for all acl stuff in cacti to evaluate what rights the given user has. If that user is not found guest account is supposed.
But you still need all users known to apache and cacti.
That means user elcody must be known to both cacti and apache. But you only need to login via apache.
To enable this apply the switch Use Apache's Builtin Authentication in the settings/authentication section.
Result: You can use mod_auth in the same way as the build in cacti user authentification and login only once.
Let me know about problems you run in and if you like it.
Regards.
I made a small patch for cacti-0.8.6f to use the mod_auth from apache in the following way.
When you are logged in via mod_auth the username is taken and used for all acl stuff in cacti to evaluate what rights the given user has. If that user is not found guest account is supposed.
But you still need all users known to apache and cacti.
That means user elcody must be known to both cacti and apache. But you only need to login via apache.
To enable this apply the switch Use Apache's Builtin Authentication in the settings/authentication section.
Result: You can use mod_auth in the same way as the build in cacti user authentification and login only once.
Let me know about problems you run in and if you like it.
Regards.
- Attachments
-
- cacti-0.8.6f-httpauth.patch
- Apply it as ususal in the cacti directory with "patch -p1 < ../cacti-0.8.6f-httpauth.patch"
- (15.74 KiB) Downloaded 786 times
- rony
- Developer/Forum Admin
- Posts: 6022
- Joined: Mon Nov 17, 2003 6:35 pm
- Location: Michigan, USA
- Contact:
Btw, 0.9.0 has this included and is refered to as "Web Basic" authenication.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
- rony
- Developer/Forum Admin
- Posts: 6022
- Joined: Mon Nov 17, 2003 6:35 pm
- Location: Michigan, USA
- Contact:
Yes, you have misunderstood me.
Web Basic is mod_auth authenication in apache. In the next version of cacti, 0.9.0, there will be web basic support that fully intergrates into cacti's user database and permissions.
As for 0.8.6 branch, before I was a developer, I posted at least 1 patch to enable web basic authenication on cacti 0.8.6b, I think it was b...
And, because it's in the next version, 0.9.0, there are not patches that you can see. What patches are you talking about? The one I wrote in the past used cacti's user database and permissions along with Web Basic auth.
Web Basic is mod_auth authenication in apache. In the next version of cacti, 0.9.0, there will be web basic support that fully intergrates into cacti's user database and permissions.
As for 0.8.6 branch, before I was a developer, I posted at least 1 patch to enable web basic authenication on cacti 0.8.6b, I think it was b...
And, because it's in the next version, 0.9.0, there are not patches that you can see. What patches are you talking about? The one I wrote in the past used cacti's user database and permissions along with Web Basic auth.
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
Re: New Apache mod_auth patch for cacti
I'm trying to get this patch to work for 0.8.6g, but am failing. When I apply the patch, I'm getting :elcody02 wrote:Hello,
I made a small patch for cacti-0.8.6f to use the mod_auth from apache in the following way.
When you are logged in via mod_auth the username is taken and used for all acl stuff in cacti to evaluate what rights the given user has. If that user is not found guest account is supposed.
But you still need all users known to apache and cacti.
That means user elcody must be known to both cacti and apache. But you only need to login via apache.
To enable this apply the switch Use Apache's Builtin Authentication in the settings/authentication section.
Result: You can use mod_auth in the same way as the build in cacti user authentification and login only once.
Let me know about problems you run in and if you like it.
Regards.
--------------------------------------------
patching file graph.php
patching file graph_settings.php
patching file graph_view.php
Hunk #3 succeeded at 124 (offset 2 lines).
Hunk #4 succeeded at 153 (offset 17 lines).
Hunk #5 FAILED at 242.
1 out of 5 hunks FAILED -- saving rejects to file graph_view.php.rej
patching file include/auth.php
patching file include/config_settings.php
Hunk #1 succeeded at 594 (offset 17 lines).
patching file include/top_graph_header.php
patching file include/top_header.php
patching file lib/functions.php
patching file lib/html.php
patching file lib/html_tree.php
patching file lib/rrd.php
Hunk #1 succeeded at 449 (offset 5 lines).
patching file logout.php
--------------------------------------------
I've gone through and manually applied the changes that this failed at.. Now it 's trying to authenticate off of a realm called "Realm". I've gone and created an apache auth realm called Realm, but still, it doesn't login properly.. Eventually it fails when I attempt to login with this error :
Notice: Undefined index: sess_user_id in /bitpusher/services/cacti/include/auth.php on line 29
Any thoughts on what else is needed? I would love to use apache auth, as all of the other services I'm using also use apache auth, and cacti is kind of the black sheep amongst my monitoring tools right now.
-------------------
BitPusher, LLC
http://www.bitpusher.com/
1.888.9PUSHER
BitPusher, LLC
http://www.bitpusher.com/
1.888.9PUSHER
-
- Posts: 1
- Joined: Fri Aug 11, 2006 2:55 pm
cacti patch
Tried applying your patch and I'm getting the following:
--------------------
Notice: Undefined index: PHP_AUTH_USER in /usr/share/cacti/site/include/auth.php on line 29
Notice: Undefined index: PHP_AUTH_USER in /usr/share/cacti/site/include/auth.php on line 45
Warning: Cannot modify header information - headers already sent by (output started at /usr/share/cacti/site/include/auth.php:29) in /usr/share/cacti/site/auth_login.php on line 81
--------------------
I'm runing Cacti version 0.8.6f-2.
Thanks.
--
Brent
--------------------
Notice: Undefined index: PHP_AUTH_USER in /usr/share/cacti/site/include/auth.php on line 29
Notice: Undefined index: PHP_AUTH_USER in /usr/share/cacti/site/include/auth.php on line 45
Warning: Cannot modify header information - headers already sent by (output started at /usr/share/cacti/site/include/auth.php:29) in /usr/share/cacti/site/auth_login.php on line 81
--------------------
I'm runing Cacti version 0.8.6f-2.
Thanks.
--
Brent
Patch for cacti version 0.8.6.j
Hello,
attached you'll find the latest httpauth patch against cacti-0.8.6j.
Have fun.
attached you'll find the latest httpauth patch against cacti-0.8.6j.
Have fun.
- Attachments
-
- cacti-0.8.6j-httpauth.patch
- (16.23 KiB) Downloaded 567 times
Apache_auth
Elcody02,
Awesome changes, I'm using your patch on my debian distro version cacti_0.8.6i-3_all.deb. I had to apply everything by hand to make sure things meshed ok. I have one slight problem. The logout.php part doesn't log me out. It asks me to re authenticate and then finally says User Access Unauthorized. I'm wrapping cacti up in SSL because im using Kerberos Basic Auth via mod_auth_kerb.
Any ideas?
Metalo
Awesome changes, I'm using your patch on my debian distro version cacti_0.8.6i-3_all.deb. I had to apply everything by hand to make sure things meshed ok. I have one slight problem. The logout.php part doesn't log me out. It asks me to re authenticate and then finally says User Access Unauthorized. I'm wrapping cacti up in SSL because im using Kerberos Basic Auth via mod_auth_kerb.
Any ideas?
Metalo
Re: Apache_auth
Not really. I remember playing with this one a little bit and I didn't find a valid solution. I think it was also different with different browsers.metalo wrote:Elcody02,
It asks me to re authenticate and then finally says User Access Unauthorized.
Any ideas?
Metalo
As far as I remember there is only one way:
Close the browser and reopen it, log in as other user.
But let me know if you have a better idea.
Regards.
Re: Apache_auth
There is actually a way to make it work that I found during a late night google search using javascript. I can't get it to work over ssl but I'm also no javascript coder so maybe someone with a bit of knowledge could make it work. We've tested it with Firefox 2.0.0.4 and IE7.elcody02 wrote:Not really. I remember playing with this one a little bit and I didn't find a valid solution. I think it was also different with different browsers.metalo wrote:Elcody02,
It asks me to re authenticate and then finally says User Access Unauthorized.
Any ideas?
Metalo
As far as I remember there is only one way:
Close the browser and reopen it, log in as other user.
But let me know if you have a better idea.
Regards.
I'm on the road right now but if I have time tonight I'll post up my logout.php file or a patch. I'm not using the method discussed in this thread (we're using an old set of patches rony created) but it shouldn't matter as long as you're using http basic auth.
- rony
- Developer/Forum Admin
- Posts: 6022
- Joined: Mon Nov 17, 2003 6:35 pm
- Location: Michigan, USA
- Contact:
0.8.6k now has web basic authenication and the user editor will alllow you to adjust the user realm.
We are looking at releasing 0.8.6k in July.Cacti CHANGELOG
0.8.6k
<snip>
-feature: Add Web Basic authentication
-feature: Add authenication realm to modifiable user parameters
[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
Any news on this topic? I just tried to apply the patch our 0.8.6j install. Though for some reason, after that, I can only login as a superuser. For restricted users I'm getting access denied. Is 0.8.6k to be released any time soon, or should I put my efforts into getting the patch work properly for me?rony wrote:0.8.6k now has web basic authenication and the user editor will alllow you to adjust the user realm.
We are looking at releasing 0.8.6k in July.Cacti CHANGELOG
0.8.6k
<snip>
-feature: Add Web Basic authentication
-feature: Add authenication realm to modifiable user parameters
Correction: Seems we're still running 0.8.6i. I'll try upgrading to 0.8.6j in a bit to see if that makes any difference.
Update: Upgrading to 0.8.6j broke my poller.php somehow. Too bad I don't have time to dig into this right now.
Update 2: I've done a clean test installation of 0.8.6j and applied the patch. I also found out what the problem was with the authentication. Since the logon screen is circumvented, users aren't redirected according to the cacti settings and thus end up at the console page, where they might not have access to.
Who is online
Users browsing this forum: No registered users and 0 guests