- Edit /usr/local/groundwork/nagios/etc/htpasswd.users, adding lines for your DN a la:
/C=AU/O=APACGrid/OU=The University of Melbourne/CN=Tom Fifield:xxj31ZMTZzkVA - Edit /usr/local/groundwork/apache2/conf/httpd.conf, following the directions to 'Uncomment to disable Guava Single Sign On" and then paste in
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 5
SSLCACertificatePath /etc/grid-security/certificates/
SSLOptions +FakeBasicAuth
SSLVerifyClient require
Order allow,deny
Allow from all
AuthUserFile /usr/local/groundwork/nagios/etc/htpasswd.users
AuthType Basic
AuthName "Nagios: YOUR CERTIFICATE MUST BE REGISTERED"
Require valid-user
in the many Directory sections that are involved. - Use groundwork to tell nagios to let us in:
Login to groundwork using your normal username and password, go to Control and Nagios CGI configuration. Next, append the DNs you added to the htpasswd file to the necessary permissions sections. Save and restart.
Wednesday, December 3, 2008
GroundWork: Enabling TLS certificate login
By default, GroundWork supports authentication by password, with a native or LDAP backend. However, using our existing grid certificates would be much easier. Here's how: (We'll assume you're already using SSL to connect, which means your /usr/local/groundwork/apache2/conf/extra/http-ssl.conf is setup and ready to go)
Subscribe to:
Posts (Atom)