[Xymon] transform REMOTE_USER for display purposes?

Ralph Mitchell ralphmitchell at gmail.com
Sun Aug 3 08:07:35 CEST 2014

I found that Apache breaks out client certificate information so this is
handed to the cgi scripts in the environment:


I still have the big ugly DN string in the passwd file for FakeBasicAuth to
work, but with this:


in /home/xymon/server/etc/cgioptions.cfg, at least the shorter name is used
for the web pages where a test is acked or disabled.

Ralph Mitchell

On Sat, Aug 2, 2014 at 8:12 PM, Richard L. Hamilton <rlhamil2 at gmail.com>

> There are those who have asked for a way to transform the REMOTE_USER
> variable when it's used for display purposes (like in the enadis.sh CGI
> program).  This can be perhaps more desirable when client certs are used
> with +FakeBasicAuth; the rather long identifying strings then used in the
> xymonpasswd (or comparable) file are a bit ugly.
> AFAIK, Apache's mod_env will not modify standard CGI environment
> variables; so the CGI's would have to do it.  If they checked if some
> optional RE was in a config file, they could use that to convert
> REMOTE_USER into something better suited to display than e.g.
> /CN=CAcert WoT User/emailAddress=johndoe at nobody.com
> (trivial example of what a free cert from CAcert might show up as); or
> there could be a file that just mapped REMOTE_USER values to display names.
> Overkill, or worthwhile? :-)
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140803/a3e30e6b/attachment.html>

More information about the Xymon mailing list