Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte http://iriarte.it --
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-)
Tom
On 07/12/2015 00:41, Ciro Iriarte wrote:
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx mailto:tom.laermans@powersource.cx>:
Hi Ciro, If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-) I'm running kerberized LDAP Observium, nothing changed in that code for literally years. Tom On 05/12/2015 23:47, Ciro Iriarte wrote:Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them). It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it. Regards, -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Ciro Iriarte http://iriarte.it --
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php.
ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth";
Any ideas?
2015-12-06 21:26 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-)
Tom
On 07/12/2015 00:41, Ciro Iriarte wrote:
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such.
On 2015-12-07 14:53, Ciro Iriarte wrote:
What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php.
ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth";
Any ideas?
2015-12-06 21:26 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx mailto:tom.laermans@powersource.cx>:
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-) Tom On 07/12/2015 00:41, Ciro Iriarte wrote:I would like to think so... But given it's the same host, I would like to discard any funky rewrite change... Regards, Ciro 2015-12-05 20:02 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Hi Ciro, If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-) I'm running kerberized LDAP Observium, nothing changed in that code for literally years. Tom On 05/12/2015 23:47, Ciro Iriarte wrote:Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them). It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it. Regards, -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Ciro Iriarte http://iriarte.it --
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Hi Tom, I also created the user on the DB, I was expecting that http-auth authentication just trusted REMOTE_USER variable and let me in (as it's working right now with my old observium instance).
Regards, Ciro
2015-12-07 10:59 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such.
On 2015-12-07 14:53, Ciro Iriarte wrote:
What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php.
ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth";
Any ideas?
2015-12-06 21:26 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-)
Tom
On 07/12/2015 00:41, Ciro Iriarte wrote:
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Ciro,
Hmm, if the user exists in the DB, I guess it should work... I haven't used http-auth so I'm not sure :/
Tom
On 07/12/2015 21:30, Ciro Iriarte wrote:
Hi Tom, I also created the user on the DB, I was expecting that http-auth authentication just trusted REMOTE_USER variable and let me in (as it's working right now with my old observium instance).
Regards, Ciro
2015-12-07 10:59 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx mailto:tom.laermans@powersource.cx>:
Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such. On 2015-12-07 14:53, Ciro Iriarte wrote:What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php. ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth"; Any ideas? 2015-12-06 21:26 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-) Tom On 07/12/2015 00:41, Ciro Iriarte wrote:I would like to think so... But given it's the same host, I would like to discard any funky rewrite change... Regards, Ciro 2015-12-05 20:02 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Hi Ciro, If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-) I'm running kerberized LDAP Observium, nothing changed in that code for literally years. Tom On 05/12/2015 23:47, Ciro Iriarte wrote:Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them). It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it. Regards, -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium-- Ciro Iriarte http://iriarte.it --
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Well, found that the referenes for REMOTE_USER were removed by PHP_AUTH_USER, which wont work with external AuthType.
- if (isset($_SERVER['REMOTE_USER'])) + if (isset($_SERVER['PHP_AUTH_USER']))
Reference file: html/includes/authentication/http-auth.inc.php
The documentation states:
"n order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode http://php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'] http://php.net/manual/en/reserved.variables.server.php.
*Note*: *Configuration Note*
PHP uses the presence of an *AuthType* directive to determine whether external authentication is in effect. "
In my case, I'm using "AuthType Kerberos".
Ref http://php.net/manual/en/features.http-auth.php
Is this how http-auth is supposed to work?
Regards, Ciro
2015-12-08 21:08 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Ciro,
Hmm, if the user exists in the DB, I guess it should work... I haven't used http-auth so I'm not sure :/
Tom
On 07/12/2015 21:30, Ciro Iriarte wrote:
Hi Tom, I also created the user on the DB, I was expecting that http-auth authentication just trusted REMOTE_USER variable and let me in (as it's working right now with my old observium instance).
Regards, Ciro
2015-12-07 10:59 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such.
On 2015-12-07 14:53, Ciro Iriarte wrote:
What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php.
ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth";
Any ideas?
2015-12-06 21:26 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-)
Tom
On 07/12/2015 00:41, Ciro Iriarte wrote:
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte
http://iriarte.ithttp://iriarte.it
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Hi, typo fixed.
From what I understand, it's not going to work given the variable change...
Regards, Ciro
2015-12-09 19:02 GMT-03:00 Ciro Iriarte cyruspy@gmail.com:
Well, found that the referenes for REMOTE_USER were *replaced *by PHP_AUTH_USER, which wont work with external AuthType.
- if (isset($_SERVER['REMOTE_USER']))
- if (isset($_SERVER['PHP_AUTH_USER']))
Reference file: html/includes/authentication/http-auth.inc.php
The documentation states:
"n order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode http://php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'] http://php.net/manual/en/reserved.variables.server.php.
*Note*: *Configuration Note*
PHP uses the presence of an *AuthType* directive to determine whether external authentication is in effect. "
In my case, I'm using "AuthType Kerberos".
Ref http://php.net/manual/en/features.http-auth.php
Is this how http-auth is supposed to work?
Regards, Ciro
2015-12-08 21:08 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Ciro,
Hmm, if the user exists in the DB, I guess it should work... I haven't used http-auth so I'm not sure :/
Tom
On 07/12/2015 21:30, Ciro Iriarte wrote:
Hi Tom, I also created the user on the DB, I was expecting that http-auth authentication just trusted REMOTE_USER variable and let me in (as it's working right now with my old observium instance).
Regards, Ciro
2015-12-07 10:59 GMT-03:00 Tom Laermans tom.laermans@powersource.cx:
Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such.
On 2015-12-07 14:53, Ciro Iriarte wrote:
What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php.
ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth";
Any ideas?
2015-12-06 21:26 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-)
Tom
On 07/12/2015 00:41, Ciro Iriarte wrote:
I would like to think so... But given it's the same host, I would like to discard any funky rewrite change...
Regards, Ciro
2015-12-05 20:02 GMT-03:00 Tom Laermans < tom.laermans@powersource.cx tom.laermans@powersource.cx>:
Hi Ciro,
If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-)
I'm running kerberized LDAP Observium, nothing changed in that code for literally years.
Tom
On 05/12/2015 23:47, Ciro Iriarte wrote:
Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them).
It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it.
Regards,
-- Ciro Iriarte
http://iriarte.ithttp://iriarte.it
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
observium mailing listobservium@observium.orghttp://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
-- Ciro Iriarte http://iriarte.it --
I guess not.. not sure why that happened - any input, Mike?
On 10/12/2015 21:05, Ciro Iriarte wrote:
Hi, typo fixed.
From what I understand, it's not going to work given the variable change...
Regards, Ciro
2015-12-09 19:02 GMT-03:00 Ciro Iriarte <cyruspy@gmail.com mailto:cyruspy@gmail.com>:
Well, found that the referenes for REMOTE_USER were *replaced *by PHP_AUTH_USER, which wont work with external AuthType. - if (isset($_SERVER['REMOTE_USER'])) + if (isset($_SERVER['PHP_AUTH_USER'])) Reference file: html/includes/authentication/http-auth.inc.php The documentation states: "n order to prevent someone from writing a script which reveals the password for a page that was authenticated through a traditional external mechanism, the PHP_AUTH variables will not be set if external authentication is enabled for that particular page and safe mode <http://php.net/manual/en/ini.sect.safe-mode.php#ini.safe-mode> is enabled. Regardless, REMOTE_USER can be used to identify the externally-authenticated user. So, you can use $_SERVER['REMOTE_USER'] <http://php.net/manual/en/reserved.variables.server.php>. *Note*: *Configuration Note* PHP uses the presence of an /AuthType/ directive to determine whether external authentication is in effect. " In my case, I'm using "AuthType Kerberos". Ref http://php.net/manual/en/features.http-auth.php Is this how http-auth is supposed to work? Regards, Ciro 2015-12-08 21:08 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Ciro, Hmm, if the user exists in the DB, I guess it should work... I haven't used http-auth so I'm not sure :/ Tom On 07/12/2015 21:30, Ciro Iriarte wrote:Hi Tom, I also created the user on the DB, I was expecting that http-auth authentication just trusted REMOTE_USER variable and let me in (as it's working right now with my old observium instance). Regards, Ciro 2015-12-07 10:59 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Umm, oh, ok - http-auth is not made for this... yea, that's not gonna work then I guess. The module was adapted ages ago to use mysql users and such. On 2015-12-07 14:53, Ciro Iriarte wrote:What I see as unusual is that it's not printing my "AuthName" each time, it's cycling between blank, my AuthName and "Unauthorised access or use shall render the user liable to criminal and/or civil prosecution.", which is defined in includes/defaults.inc.php. ning:/opt/observium-test # grep auth config.php //$config['auth_mechanism'] = "mysql"; // default, other options: ldap, http-auth, please see documentation for config help $config['auth_mechanism'] = "http-auth"; Any ideas? 2015-12-06 21:26 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Well, we don't control the re-asking of the password; most we can do is present an Observium login dialog if we don't believe apache's remote_user. If it's reprompting, it's not even getting to running any PHP :-) Tom On 07/12/2015 00:41, Ciro Iriarte wrote:I would like to think so... But given it's the same host, I would like to discard any funky rewrite change... Regards, Ciro 2015-12-05 20:02 GMT-03:00 Tom Laermans <tom.laermans@powersource.cx <mailto:tom.laermans@powersource.cx>>: Hi Ciro, If Apache is not accepting your password and re-prompting, this is your config problem, not Observium :-) I'm running kerberized LDAP Observium, nothing changed in that code for literally years. Tom On 05/12/2015 23:47, Ciro Iriarte wrote:Hi!, is anyone using external authentication with kerberos?, I have an old version (4586) running without issues with sles11+apache+kerberos but trying to run a current release (7203) on the same host, it's like apache doesn't accept the user/password pair (keeps asking for them). It might be a misconfiguration, but I would like to know if anyone else is using a similar configuration nowadays or has comments about it. Regards, -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it -- _______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium_______________________________________________ observium mailing list observium@observium.org <mailto:observium@observium.org> http://postman.memetic.org/cgi-bin/mailman/listinfo/observium -- Ciro Iriarte http://iriarte.it ---- Ciro Iriarte http://iriarte.it --
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Good morning,
We recently noticed that SNMP is having difficulty handling large file sysystem. We have a 120TB XFS system that is reporting on 4.4TB and alerting because SNMP is reporting the wrong values.
snmpwalk -mALL -v2c -{COM} {HOST} hrStorageTable | grep 40 HOST-RESOURCES-MIB::hrStorageIndex.40 = INTEGER: 40 HOST-RESOURCES-MIB::hrStorageType.40 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk HOST-RESOURCES-MIB::hrStorageDescr.40 = STRING: /home HOST-RESOURCES-MIB::hrStorageAllocationUnits.40 = INTEGER: 4096 Bytes HOST-RESOURCES-MIB::hrStorageSize.40 = INTEGER: 1186465536 HOST-RESOURCES-MIB::hrStorageUsed.40 = INTEGER: 1036605829 HOST-RESOURCES-MIB::hrStorageUsed.44 = INTEGER: 666446640
Some forums have indicated this can be resolved by upgrading to 64 bit integers but I am not an SNMP expert.
Has anyone seen this behavior and if so how do we work around it? In the HPC world this is a small name space so I worry about monitoring storage on our Lustre FS.
Thanks
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
[image] https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
Hi Rhian,
First off, please don't hijack threads - this has nothing to do with mod_auth_kerb.
Second, yes, you need an snmpd supporting the high capacity storage tables. Net-SNMP supports this from 5.7 on, if you don't disable if via compile options, so an upgrade might be in order.
Tom
On 13/12/2015 14:41, Rhian Resnick wrote:
Good morning,
We recently noticed that SNMP is having difficulty handling large file sysystem. We have a 120TB XFS system that is reporting on 4.4TB and alerting because SNMP is reporting the wrong values.
snmpwalk -mALL -v2c -{COM} {HOST} hrStorageTable | grep 40 HOST-RESOURCES-MIB::hrStorageIndex.40 = INTEGER: 40 HOST-RESOURCES-MIB::hrStorageType.40 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk HOST-RESOURCES-MIB::hrStorageDescr.40 = STRING: /home HOST-RESOURCES-MIB::hrStorageAllocationUnits.40 = INTEGER: 4096 Bytes HOST-RESOURCES-MIB::hrStorageSize.40 = INTEGER: 1186465536 HOST-RESOURCES-MIB::hrStorageUsed.40 = INTEGER: 1036605829 HOST-RESOURCES-MIB::hrStorageUsed.44 = INTEGER: 666446640
Some forums have indicated this can be resolved by upgrading to 64 bit integers but I am not an SNMP expert.
Has anyone seen this behavior and if so how do we work around it? In the HPC world this is a small name space so I worry about monitoring storage on our Lustre FS.
Thanks
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
image https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Sorry regarding the hijack. I thought I had created a new message and copied the list address into it.
Thank you, and yes Redhat uses a rather old net-snmp.
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
[image] https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
________________________________ From: observium observium-bounces@observium.org on behalf of Tom Laermans tom.laermans@powersource.cx Sent: Sunday, December 13, 2015 9:13 AM To: Observium Network Observation System Subject: Re: [Observium] SNMP and Large FileSystems (100TB+)
Hi Rhian,
First off, please don't hijack threads - this has nothing to do with mod_auth_kerb.
Second, yes, you need an snmpd supporting the high capacity storage tables. Net-SNMP supports this from 5.7 on, if you don't disable if via compile options, so an upgrade might be in order.
Tom
On 13/12/2015 14:41, Rhian Resnick wrote:
Good morning,
We recently noticed that SNMP is having difficulty handling large file sysystem. We have a 120TB XFS system that is reporting on 4.4TB and alerting because SNMP is reporting the wrong values.
snmpwalk -mALL -v2c -{COM} {HOST} hrStorageTable | grep 40 HOST-RESOURCES-MIB::hrStorageIndex.40 = INTEGER: 40 HOST-RESOURCES-MIB::hrStorageType.40 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk HOST-RESOURCES-MIB::hrStorageDescr.40 = STRING: /home HOST-RESOURCES-MIB::hrStorageAllocationUnits.40 = INTEGER: 4096 Bytes HOST-RESOURCES-MIB::hrStorageSize.40 = INTEGER: 1186465536 HOST-RESOURCES-MIB::hrStorageUsed.40 = INTEGER: 1036605829 HOST-RESOURCES-MIB::hrStorageUsed.44 = INTEGER: 666446640
Some forums have indicated this can be resolved by upgrading to 64 bit integers but I am not an SNMP expert.
Has anyone seen this behavior and if so how do we work around it? In the HPC world this is a small name space so I worry about monitoring storage on our Lustre FS.
Thanks
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
[image] https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Older version simply don't have the support for the higher capacities, so upgrading to a newer version is the only option. I have no knowledge of RHEL maintenance and repositories so I can't offer help in that regard...
Latest Debian stable luckily has it, before that I had my own package backported to fix this on servers with larger capacity. :-) 5.7 also helps with actual speeds of bonds and such instead of 10Mbps :-)
Tom
On 13/12/2015 15:17, Rhian Resnick wrote:
Sorry regarding the hijack. I thought I had created a new message and copied the list address into it.
Thank you, and yes Redhat uses a rather old net-snmp.
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
image https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
*From:* observium observium-bounces@observium.org on behalf of Tom Laermans tom.laermans@powersource.cx *Sent:* Sunday, December 13, 2015 9:13 AM *To:* Observium Network Observation System *Subject:* Re: [Observium] SNMP and Large FileSystems (100TB+) Hi Rhian,
First off, please don't hijack threads - this has nothing to do with mod_auth_kerb.
Second, yes, you need an snmpd supporting the high capacity storage tables. Net-SNMP supports this from 5.7 on, if you don't disable if via compile options, so an upgrade might be in order.
Tom
On 13/12/2015 14:41, Rhian Resnick wrote:
Good morning,
We recently noticed that SNMP is having difficulty handling large file sysystem. We have a 120TB XFS system that is reporting on 4.4TB and alerting because SNMP is reporting the wrong values.
snmpwalk -mALL -v2c -{COM} {HOST} hrStorageTable | grep 40 HOST-RESOURCES-MIB::hrStorageIndex.40 = INTEGER: 40 HOST-RESOURCES-MIB::hrStorageType.40 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk HOST-RESOURCES-MIB::hrStorageDescr.40 = STRING: /home HOST-RESOURCES-MIB::hrStorageAllocationUnits.40 = INTEGER: 4096 Bytes HOST-RESOURCES-MIB::hrStorageSize.40 = INTEGER: 1186465536 HOST-RESOURCES-MIB::hrStorageUsed.40 = INTEGER: 1036605829 HOST-RESOURCES-MIB::hrStorageUsed.44 = INTEGER: 666446640
Some forums have indicated this can be resolved by upgrading to 64 bit integers but I am not an SNMP expert.
Has anyone seen this behavior and if so how do we work around it? In the HPC world this is a small name space so I worry about monitoring storage on our Lustre FS.
Thanks
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
image https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
observium mailing list observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
Tom,
Your info solved the issue already. [😊] Our cluster manager provides a "module" with net-snmp 5.7+
We activated this and the problem is resolved.
Thanks!
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
[image] https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
________________________________ From: observium observium-bounces@observium.org on behalf of Tom Laermans tom.laermans@powersource.cx Sent: Sunday, December 13, 2015 9:19 AM To: Observium Network Observation System Subject: Re: [Observium] SNMP and Large FileSystems (100TB+)
Older version simply don't have the support for the higher capacities, so upgrading to a newer version is the only option. I have no knowledge of RHEL maintenance and repositories so I can't offer help in that regard...
Latest Debian stable luckily has it, before that I had my own package backported to fix this on servers with larger capacity. :-) 5.7 also helps with actual speeds of bonds and such instead of 10Mbps :-)
Tom
On 13/12/2015 15:17, Rhian Resnick wrote:
Sorry regarding the hijack. I thought I had created a new message and copied the list address into it.
Thank you, and yes Redhat uses a rather old net-snmp.
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
[image] https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
________________________________ From: observium observium-bounces@observium.orgmailto:observium-bounces@observium.org on behalf of Tom Laermans tom.laermans@powersource.cxmailto:tom.laermans@powersource.cx Sent: Sunday, December 13, 2015 9:13 AM To: Observium Network Observation System Subject: Re: [Observium] SNMP and Large FileSystems (100TB+)
Hi Rhian,
First off, please don't hijack threads - this has nothing to do with mod_auth_kerb.
Second, yes, you need an snmpd supporting the high capacity storage tables. Net-SNMP supports this from 5.7 on, if you don't disable if via compile options, so an upgrade might be in order.
Tom
On 13/12/2015 14:41, Rhian Resnick wrote:
Good morning,
We recently noticed that SNMP is having difficulty handling large file sysystem. We have a 120TB XFS system that is reporting on 4.4TB and alerting because SNMP is reporting the wrong values.
snmpwalk -mALL -v2c -{COM} {HOST} hrStorageTable | grep 40 HOST-RESOURCES-MIB::hrStorageIndex.40 = INTEGER: 40 HOST-RESOURCES-MIB::hrStorageType.40 = OID: HOST-RESOURCES-TYPES::hrStorageFixedDisk HOST-RESOURCES-MIB::hrStorageDescr.40 = STRING: /home HOST-RESOURCES-MIB::hrStorageAllocationUnits.40 = INTEGER: 4096 Bytes HOST-RESOURCES-MIB::hrStorageSize.40 = INTEGER: 1186465536 HOST-RESOURCES-MIB::hrStorageUsed.40 = INTEGER: 1036605829 HOST-RESOURCES-MIB::hrStorageUsed.44 = INTEGER: 666446640
Some forums have indicated this can be resolved by upgrading to 64 bit integers but I am not an SNMP expert.
Has anyone seen this behavior and if so how do we work around it? In the HPC world this is a small name space so I worry about monitoring storage on our Lustre FS.
Thanks
Rhian Resnick
Assistant Director Middleware and HPC
Office of Information Technology
Florida Atlantic University
777 Glades Road, CM22, Rm 218
Boca Raton, FL 33431
Phone 561.297.2647
Fax 561.297.0222
[image] https://hpc.fau.edu/wp-content/uploads/2015/01/image.jpg
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
_______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium
participants (3)
-
Ciro Iriarte -
Rhian Resnick -
Tom Laermans