[Xymon] transform REMOTE_USER for display purposes?

Ralph Mitchell ralphmitchell at gmail.com
Sun Aug 3 08:07:35 CEST 2014


I found that Apache breaks out client certificate information so this is
handed to the CGI scripts in the environment:

     SSL_CLIENT_S_DN_CN=MITCHELL.RALPH.xxxxxxx

I still have the big ugly DN string in the passwd file for FakeBasicAuth to
work, but with this:

     REMOTE_USER="$SSL_CLIENT_S_DN_CN"

in /home/xymon/server/etc/cgioptions.cfg, at least the shorter name is used
for the web pages where a test is acked or disabled.

Ralph Mitchell

On Sat, Aug 2, 2014 at 8:12 PM, Richard L. Hamilton <rlhamil2 at gmail.com>
wrote:

> There are those who have asked for a way to transform the REMOTE_USER
> variable when it's used for display purposes (like in the enadis.sh CGI
> program).  This can be perhaps more desirable when client certs are used
> with +FakeBasicAuth; the rather long identifying strings then used in the
> xymonpasswd (or comparable) file are a bit ugly.
>
> AFAIK, Apache's mod_env will not modify standard CGI environment
> variables; so the CGIs would have to do it.  If they checked if some
> optional RE was in a config file, they could use that to convert
> REMOTE_USER into something better suited to display than e.g.
> /CN=CAcert WoT User/emailAddress=johndoe at nobody.com
> (trivial example of what a free cert from CAcert might show up as); or
> there could be a file that just mapped REMOTE_USER values to display names.
>
> Overkill, or worthwhile? :-)
>
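
An added example, not part of the original messages and not Xymon code: a variant of the cgioptions.cfg assignment above that keeps the original login when no client-certificate CN is present and filters the name before it is displayed. The helper name display_user, the allowed character set, and the slash-separated DN form (taken from the example DN in the quoted message) are assumptions.

```shell
# Added example, not Xymon code. display_user is a hypothetical helper.
# Prints a short, display-safe name for the authenticated user.
#   $1 = certificate CN exported by mod_ssl (SSL_CLIENT_S_DN_CN), may be empty
#   $2 = REMOTE_USER as set by Apache (the full subject DN with FakeBasicAuth)
# The body runs in a subshell "( ... )" so cn/user do not leak into the
# script that sources this file.
display_user() (
    cn=$1
    user=$2

    # No CN from mod_ssl: try to extract it from a slash-separated DN.
    if [ -z "$cn" ]; then
        case $user in
            */CN=*)
                cn=${user##*/CN=}   # text after the last "/CN="
                cn=${cn%%/*}        # cut at the next DN component
                ;;
        esac
    fi

    # Still nothing (plain basic auth, unexpected DN form): keep the login
    # instead of blanking REMOTE_USER.
    [ -n "$cn" ] || cn=$user

    # The name ends up on the ack/disable web pages and comes from a
    # certificate field, so keep only a conservative character set
    # (assumed policy; adjust to local naming rules).
    cn=$(printf '%s' "$cn" | LC_ALL=C tr -cd 'A-Za-z0-9._@ -')

    # If filtering removed everything, use a fixed label rather than "".
    printf '%s\n' "${cn:-unknown}"
)

# In cgioptions.cfg this takes the place of the plain assignment:
REMOTE_USER=$(display_user "${SSL_CLIENT_S_DN_CN:-}" "${REMOTE_USER:-}")
```
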