GroundWork: Enabling TLS certificate login

By default, GroundWork supports authentication by password, with a native or LDAP backend. However, using our existing grid certificates would be much easier. Here's how: (We'll assume you're already using SSL to connect, which means your /usr/local/groundwork/apache2/conf/extra/http-ssl.conf is setup and ready to go)

1. Edit /usr/local/groundwork/nagios/etc/htpasswd.users, adding lines for your DN a la:
   /C=AU/O=APACGrid/OU=The University of Melbourne/CN=Tom Fifield:xxj31ZMTZzkVA
   
   
2. Edit /usr/local/groundwork/apache2/conf/httpd.conf, following the directions to 'Uncomment to disable Guava Single Sign On" and then paste in
   SSLRequireSSL
   SSLVerifyClient require
   SSLVerifyDepth 5
   SSLCACertificatePath /etc/grid-security/certificates/
   SSLOptions +FakeBasicAuth
   SSLVerifyClient require
   Order allow,deny
   Allow from all
   AuthUserFile /usr/local/groundwork/nagios/etc/htpasswd.users
   AuthType Basic
   AuthName "Nagios: YOUR CERTIFICATE MUST BE REGISTERED"
   Require valid-user
   in the many Directory sections that are involved.
   
   
3. Use groundwork to tell nagios to let us in:
   Login to groundwork using your normal username and password, go to Control and Nagios CGI configuration. Next, append the DNs you added to the htpasswd file to the necessary permissions sections. Save and restart.