[hobbit] Securing Hobbit from visitors

Josh Luthman josh at imaginenetworksllc.com
Wed Mar 12 13:14:41 CET 2008


This is what I have in httpd.conf that makes me login three times (you can
tell which three, obviously =)

Alias /hobbit/  "/hobbitdir/server/www/"
<Directory "/hobbitdir/server/www">
    Options Indexes FollowSymLinks Includes MultiViews
    Order allow,deny
    Allow from all
  AuthUserFile /hobbitdir/server/etc/hobbitpasswd
  AuthType Basic
  AuthName "Hobbit Monitoring1"
  Require valid-user
</Directory>

ScriptAlias /hobbit-cgi/ "/hobbitdir/cgi-bin/"
<Directory "/hobbitdir/cgi-bin">
    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all
  AuthUserFile /hobbitdir/server/etc/hobbitpasswd
  AuthType Basic
  AuthName "Hobbit Monitoring2"
  Require valid-user
</Directory>

ScriptAlias /hobbit-seccgi/ "/hobbitdir/cgi-secure/"
<Directory "/hobbitdir/cgi-secure">
    AllowOverride None
    Options ExecCGI Includes
    Order allow,deny
    Allow from all

    AuthUserFile /hobbitdir/server/etc/hobbitpasswd
    AuthGroupFile /hobbitdir/server/etc/hobbitgroups
    AuthType Basic
    AuthName "Hobbit Monitoring3"
    Require valid-user
    Require group group4admin
</Directory>


On 3/12/08, Buchan Milne <bgmilne at staff.telkomsa.net> wrote:
>
> On Wednesday 12 March 2008 06:58:16 Josh Luthman wrote:
> > I am curious to see how the crew here on the mailing list secures their
> > Hobbit from the outside world.  I need to have the WWW pages visible
> from
> > every IP but only from certain people, therefor I need to use users and
> > passwords.  Our Hobbitmon is viewed via cell phones and computers (IE
> and
> > Firefox) and protected by an HTTP(S) login currently.  The problem is
> that
> > with three different Directory statements in httpd.conf, you need to
> login
> > three times every time you restart Firefox.
> >
> > Also, how many businesses have Hobbitmon wide open for the viewing, such
> as
> > Henrik's demo, if any?
>
>
>
> We run ours requiring authentication of a valid user in our LDAP directory
> for
> any access to Hobbit at all, and membership of the monitoring group in
> LDAP
> for access to the /hobbit-seccgi location. This allows to (besides reduce
> user management overhead) have password expiration, lockout, etc. etc.
>
> If you use the same authentication source in all the directory statements,
> users should not have to authenticate more than once (we don't). Even if
> you
> do authorization only on /hobbit-seccgi.
>
> This is really more of an Apache thing than anything else ... but you may
> want
> to post the authentication aspects of your apache configuration for Hobbit
> if
> you need more assistance.
>
> Regards,
>
> Buchan
>



-- 
Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20080312/740a99f4/attachment.html>


More information about the Xymon mailing list