|
|
| Author |
Message |
elcody02
Joined: 23 Aug 2005
Posts: 8
|
 Posted: Tue Aug 23, 2005 8:14 am Post subject: New Apache mod_auth patch for cacti |
 |
|
Hello,
I made a small patch for cacti-0.8.6f to use the mod_auth from apache in the following way.
When you are logged in via mod_auth the username is taken and used for all acl stuff in cacti to evaluate what rights the given user has. If that user is not found guest account is supposed.
But you still need all users known to apache and cacti.
That means user elcody must be known to both cacti and apache. But you only need to login via apache.
To enable this apply the switch Use Apache's Builtin Authentication in the settings/authentication section.
Result: You can use mod_auth in the same way as the build in cacti user authentification and login only once.
Let me know about problems you run in and if you like it.
Regards.
| Description: |
| Apply it as ususal in the cacti directory with "patch -p1 < ../cacti-0.8.6f-httpauth.patch" |
|
Download |
| Filename: |
cacti-0.8.6f-httpauth.patch |
| Filesize: |
15.74 KB |
| Downloaded: |
547 Time(s) |
|
|
| Back to top |
|
 |
rony
Developer/Forum Admin
Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA
|
| Posted: Tue Aug 23, 2005 9:23 am Post subject: |
|
|
| Btw, 0.9.0 has this included and is refered to as "Web Basic" authenication.
|
|
| Back to top |
|
|
elcody02
Joined: 23 Aug 2005
Posts: 8
|
| Posted: Tue Aug 23, 2005 9:49 am Post subject: |
|
|
I don't think so. Because the patches I saw disabled both authentication and acl. That means no different views for different apache users any more.
And this patch takes that into account.
But perhaps I missunderstood something.
|
|
| Back to top |
|
|
rony
Developer/Forum Admin
Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA
|
| Posted: Tue Aug 23, 2005 12:21 pm Post subject: |
|
|
Yes, you have misunderstood me.
Web Basic is mod_auth authenication in apache. In the next version of cacti, 0.9.0, there will be web basic support that fully intergrates into cacti's user database and permissions.
As for 0.8.6 branch, before I was a developer, I posted at least 1 patch to enable web basic authenication on cacti 0.8.6b, I think it was b... 
And, because it's in the next version, 0.9.0, there are not patches that you can see. What patches are you talking about? The one I wrote in the past used cacti's user database and permissions along with Web Basic auth. 
|
|
| Back to top |
|
|
elcody02
Joined: 23 Aug 2005
Posts: 8
|
| Posted: Tue Aug 23, 2005 5:18 pm Post subject: |
|
|
Strike, just mixed up versions  . So, as far as 0.9.0 is not out yet. Perhaps that can still help. It was on my personal wishlist for a long time and I needed to have it right away so here you go.
|
|
| Back to top |
|
|
bitpusher
Joined: 18 Jan 2005
Posts: 26
|
| Posted: Fri May 19, 2006 9:05 pm Post subject: Re: New Apache mod_auth patch for cacti |
|
|
| elcody02 wrote: | Hello,
I made a small patch for cacti-0.8.6f to use the mod_auth from apache in the following way.
When you are logged in via mod_auth the username is taken and used for all acl stuff in cacti to evaluate what rights the given user has. If that user is not found guest account is supposed.
But you still need all users known to apache and cacti.
That means user elcody must be known to both cacti and apache. But you only need to login via apache.
To enable this apply the switch Use Apache's Builtin Authentication in the settings/authentication section.
Result: You can use mod_auth in the same way as the build in cacti user authentification and login only once.
Let me know about problems you run in and if you like it.
Regards. |
I'm trying to get this patch to work for 0.8.6g, but am failing. When I apply the patch, I'm getting :
--------------------------------------------
patching file graph.php
patching file graph_settings.php
patching file graph_view.php
Hunk #3 succeeded at 124 (offset 2 lines).
Hunk #4 succeeded at 153 (offset 17 lines).
Hunk #5 FAILED at 242.
1 out of 5 hunks FAILED -- saving rejects to file graph_view.php.rej
patching file include/auth.php
patching file include/config_settings.php
Hunk #1 succeeded at 594 (offset 17 lines).
patching file include/top_graph_header.php
patching file include/top_header.php
patching file lib/functions.php
patching file lib/html.php
patching file lib/html_tree.php
patching file lib/rrd.php
Hunk #1 succeeded at 449 (offset 5 lines).
patching file logout.php
--------------------------------------------
I've gone through and manually applied the changes that this failed at.. Now it 's trying to authenticate off of a realm called "Realm". I've gone and created an apache auth realm called Realm, but still, it doesn't login properly.. Eventually it fails when I attempt to login with this error :
Notice: Undefined index: sess_user_id in /bitpusher/services/cacti/include/auth.php on line 29
Any thoughts on what else is needed? I would love to use apache auth, as all of the other services I'm using also use apache auth, and cacti is kind of the black sheep amongst my monitoring tools right now.
|
|
| Back to top |
|
|
Xme
Joined: 14 Jun 2006
Posts: 3
Location: Brussels, Belgium
|
| Posted: Fri Jul 07, 2006 7:24 am Post subject: |
|
|
| rony wrote: | | Btw, 0.9.0 has this included and is refered to as "Web Basic" authenication. |
Any idea when 0.9.0 will be out? It's exactly what I'm looking for.
(I prefer to use a standard package instead of patching code)
|
|
| Back to top |
|
|
clevvernet
Joined: 11 Aug 2006
Posts: 1
|
| Posted: Fri Aug 11, 2006 2:57 pm Post subject: cacti patch |
|
|
Tried applying your patch and I'm getting the following:
--------------------
Notice: Undefined index: PHP_AUTH_USER in /usr/share/cacti/site/include/auth.php on line 29
Notice: Undefined index: PHP_AUTH_USER in /usr/share/cacti/site/include/auth.php on line 45
Warning: Cannot modify header information - headers already sent by (output started at /usr/share/cacti/site/include/auth.php:29) in /usr/share/cacti/site/auth_login.php on line 81
--------------------
I'm runing Cacti version 0.8.6f-2.
Thanks.
--
Brent
|
|
| Back to top |
|
|
elcody02
Joined: 23 Aug 2005
Posts: 8
|
| Posted: Fri Apr 27, 2007 1:40 am Post subject: Patch for cacti version 0.8.6.j |
|
|
Hello,
attached you'll find the latest httpauth patch against cacti-0.8.6j.
Have fun.
| Description: |
|
Download |
| Filename: |
cacti-0.8.6j-httpauth.patch |
| Filesize: |
16.23 KB |
| Downloaded: |
333 Time(s) |
|
|
| Back to top |
|
|
metalo
Joined: 29 May 2007
Posts: 1
|
| Posted: Tue May 29, 2007 7:41 am Post subject: Apache_auth |
|
|
Elcody02,
Awesome changes, I'm using your patch on my debian distro version cacti_0.8.6i-3_all.deb. I had to apply everything by hand to make sure things meshed ok. I have one slight problem. The logout.php part doesn't log me out. It asks me to re authenticate and then finally says User Access Unauthorized. I'm wrapping cacti up in SSL because im using Kerberos Basic Auth via mod_auth_kerb.
Any ideas?
Metalo
|
|
| Back to top |
|
|
elcody02
Joined: 23 Aug 2005
Posts: 8
|
| Posted: Sun Jun 03, 2007 11:18 am Post subject: Re: Apache_auth |
|
|
| metalo wrote: | Elcody02,
It asks me to re authenticate and then finally says User Access Unauthorized.
Any ideas?
Metalo |
Not really. I remember playing with this one a little bit and I didn't find a valid solution. I think it was also different with different browsers.
As far as I remember there is only one way:
Close the browser and reopen it, log in as other user.
But let me know if you have a better idea.
Regards.
|
|
| Back to top |
|
|
tdjb
Joined: 16 Oct 2006
Posts: 18
|
| Posted: Mon Jun 04, 2007 5:13 pm Post subject: Re: Apache_auth |
|
|
| elcody02 wrote: | | metalo wrote: | Elcody02,
It asks me to re authenticate and then finally says User Access Unauthorized.
Any ideas?
Metalo |
Not really. I remember playing with this one a little bit and I didn't find a valid solution. I think it was also different with different browsers.
As far as I remember there is only one way:
Close the browser and reopen it, log in as other user.
But let me know if you have a better idea.
Regards. |
There is actually a way to make it work that I found during a late night google search using javascript. I can't get it to work over ssl but I'm also no javascript coder so maybe someone with a bit of knowledge could make it work. We've tested it with Firefox 2.0.0.4 and IE7.
I'm on the road right now but if I have time tonight I'll post up my logout.php file or a patch. I'm not using the method discussed in this thread (we're using an old set of patches rony created) but it shouldn't matter as long as you're using http basic auth.
|
|
| Back to top |
|
|
rony
Developer/Forum Admin
Joined: 17 Nov 2003
Posts: 5469
Location: Wisconsin, USA
|
| Posted: Sun Jun 10, 2007 4:02 pm Post subject: |
|
|
0.8.6k now has web basic authenication and the user editor will alllow you to adjust the user realm.
| Quote: |
Cacti CHANGELOG
0.8.6k
<snip>
-feature: Add Web Basic authentication
-feature: Add authenication realm to modifiable user parameters
|
We are looking at releasing 0.8.6k in July.
|
|
| Back to top |
|
|
ruben
Joined: 12 Apr 2007
Posts: 9
|
| Posted: Fri Aug 17, 2007 5:56 am Post subject: |
|
|
| rony wrote: | 0.8.6k now has web basic authenication and the user editor will alllow you to adjust the user realm.
| Quote: |
Cacti CHANGELOG
0.8.6k
<snip>
-feature: Add Web Basic authentication
-feature: Add authenication realm to modifiable user parameters
|
We are looking at releasing 0.8.6k in July. |
Any news on this topic? I just tried to apply the patch our 0.8.6j install. Though for some reason, after that, I can only login as a superuser. For restricted users I'm getting access denied. Is 0.8.6k to be released any time soon, or should I put my efforts into getting the patch work properly for me?
Correction: Seems we're still running 0.8.6i. I'll try upgrading to 0.8.6j in a bit to see if that makes any difference.
Update: Upgrading to 0.8.6j broke my poller.php somehow. Too bad I don't have time to dig into this right now.
Update 2: I've done a clean test installation of 0.8.6j and applied the patch. I also found out what the problem was with the authentication. Since the logon screen is circumvented, users aren't redirected according to the cacti settings and thus end up at the console page, where they might not have access to.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Register
Profile
Log in to check your private messages
Log in
