[hobbit] Securing Hobbit from visitors
Buchan Milne
bgmilne at staff.telkomsa.net
Wed Mar 12 09:21:56 CET 2008
On Wednesday 12 March 2008 06:58:16 Josh Luthman wrote:
> I am curious to see how the crew here on the mailing list secures their
> Hobbit from the outside world. I need to have the WWW pages visible from
> every IP but only from certain people, therefor I need to use users and
> passwords. Our Hobbitmon is viewed via cell phones and computers (IE and
> Firefox) and protected by an HTTP(S) login currently. The problem is that
> with three different Directory statements in httpd.conf, you need to login
> three times every time you restart Firefox.
>
> Also, how many businesses have Hobbitmon wide open for the viewing, such as
> Henrik's demo, if any?
We run ours requiring authentication of a valid user in our LDAP directory for
any access to Hobbit at all, and membership of the monitoring group in LDAP
for access to the /hobbit-seccgi location. This allows to (besides reduce
user management overhead) have password expiration, lockout, etc. etc.
If you use the same authentication source in all the directory statements,
users should not have to authenticate more than once (we don't). Even if you
do authorization only on /hobbit-seccgi.
This is really more of an Apache thing than anything else ... but you may want
to post the authentication aspects of your apache configuration for Hobbit if
you need more assistance.
Regards,
Buchan
More information about the Xymon
mailing list