Well, found that the referenes for REMOTE_USER were removed by PHP_AUTH_USER, which wont work with external AuthType.
- if (isset($_SERVER['REMOTE_USER'])) + if (isset($_SERVER['PHP_AUTH_USER']))
Reference file: html/includes/authentication/http-auth.inc.php
The documentation states:
"n order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode http://php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'] http://php.net/manual/en/reserved.variables.server.php.
*Note*: *Configuration Note*
PHP uses the presence of an *AuthType* directive to determine whether external authentication is in effect. "
In my case, I'm using "AuthType Kerberos".
Ref http://php.net/manual/en/features.http-auth.php
Is this how http-auth is supposed to work?
Regards, Ciro
2015-12-08 21:08 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Ciro,
Hmm, if the user exists in the DB, I guess it should work... I haven't used http-auth so I'm not sure :/
Tom
On 07/12/2015 21:30, Ciro Iriarte wrote:
Hi Tom, I also created the user on the DB, I was expecting that http-auth authentication just trusted REMOTE_USER variable and let me in (as it's working right now with my old observium instance).
Regards, Ciro
2015-12-07 10:59 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such.
On 2015-12-07 14:53, Ciro Iriarte wrote:
What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php.
ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth";
Any ideas?
2015-12-06 21:26 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-)
Tom
On 07/12/2015 00:41, Ciro Iriarte wrote:
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte
http://iriarte.ithttp://iriarte.it
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium