I'll note that the default config appears intended to apply the password restriction only to the admin scripts in /usr/share/xymon/cgi-secure. But on Centos 7, that does not work for me, either.
Noticing the following conditions in the Directory stanza for cgi-secure:
<IfModule mod_authz_core.c>
Apache 2.4+
Require all granted </IfModule> <IfModule !mod_authz_core.c> Order deny,allow Allow from all </IfModule>
I checked that the mod_authz_core module was getting loaded with "httpd -M" and it was. BUT I noticed that mod_authn_file was not, and I think that's a dependency, along with mod_authz_user (which is getting loaded). The 00-base.conf file for Apache has a LoadModule line for the missing module, so I'm looking at why that's not getting loaded.
Regards,
Jake
On 2016-12-21 11:18, Raymond, David wrote:
Hi,
I have the same problem as Alessandro. I running SLES 12.2.
Same result, try different way, no prompt of user.
Thanks to help
David Raymond
D: 450.357.7000 x7064 C: 514.603.0986 F: 450.357.7050 www.batiparbarrette.com
FROM: Xymon [mailto:xymon-bounces at xymon.com] ON BEHALF OF Alessandro Tinivelli SENT: Wednesday, December 14, 2016 12:06 PM TO: xymon at xymon.com SUBJECT: [Xymon] restrict access to Xymon not working as expected
Hallo everyone,
sorry if the question has already been asked, but i could not find any answer in google:
my brand new xymon installation (Xymon 4.3.27-1.el7.terabithia) on Centos7 has the liens below in apache config file:
I have created the /etc/xymon/xymonpasswd file , but the access is still free with no pass request.
Is there something I did not understand? Should this file located somewhere else?
Thank you in advance
Alessandro
Password file where users with access to these scripts are kept.
Although expected in $XYMONHOME/etc/ by the useradm and chpasswd
scripts, files here can be read with the "config" message type,
which allows status-privileged clients to read arbitrary regular files
from the directory.
This file should be owned and readable only by the apache server user,
and ideally merely a symlink to a location outside of $XYMONHOME/etc/
Create it with:
htpasswd -c /etc/xymon/xymonpasswd USERNAME
chown apache:apache /etc/xymon/xymonpasswd
chmod 640 /etc/xymon/xymonpasswd
Add more users / change passwords with: "htpasswd /etc/xymon/xymonpasswd USERNAME"
You can also use a group file to restrict admin access to members of a
group, instead of anyone who is logged in. In that case you must setup
the "xymongroups" file, and change the "Require" settings to require
a specific group membership. See the Apache docs for more details.
AuthUserFile /etc/xymon/xymonpasswd
AuthGroupFile /etc/xymon/xymongroups
AuthType Basic
AuthName "Xymon Administration"
"valid-user" restricts access to anyone who is logged in.
Require valid-user
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon [1]