[hobbit] Securing Hobbit from visitors

Ben azlobo73 at gmail.com
Wed Mar 12 06:39:57 CET 2008


We don't have ours open (in fact very we keep access as limited in
scope as is necessary; in our environment we can so we do - thank
goodness for socks5 and ssh), but a little time testing yields answers
for the auth question.

Set the same realm (AuthName directive) and password auth file(s)
(AuthUserFile and optionally AuthGroupFile if using groups -
recommended for multiple users so you can give everyone their own
accounts, manage them simply via group management, and safely revoke
access when needed) in all three locations.  That will do the trick
(Tested via Firefox, Opera, and Epiphany).  Even setting the same
password file(s) should be sufficient most of the time.  I even can
create the same user/pass credentials in separate password files and
login only once to access all three locations.

Ben

On Tue, Mar 11, 2008 at 9:58 PM, Josh Luthman
<josh at imaginenetworksllc.com> wrote:
> I am curious to see how the crew here on the mailing list secures their
> Hobbit from the outside world.  I need to have the WWW pages visible from
> every IP but only from certain people, therefor I need to use users and
> passwords.  Our Hobbitmon is viewed via cell phones and computers (IE and
> Firefox) and protected by an HTTP(S) login currently.  The problem is that
> with three different Directory statements in httpd.conf, you need to login
> three times every time you restart Firefox.
>
> Also, how many businesses have Hobbitmon wide open for the viewing, such as
> Henrik's demo, if any?
>
> --
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
>  Troy, OH 45373
>
> Those who don't understand UNIX are condemned to reinvent it, poorly.
> --- Henry Spencer



More information about the Xymon mailing list