Bil*_*iss 9 httpd authentication apache-2.2
我在这里的服务器上运行 Nagios(CentOS 5.3 w/ Apache 2.2.3-22.el5.centos)验证我的 LDAP 服务器,并且一切正常。但是,我希望有一些 IP 能够在不进行身份验证的情况下查看 Nagios 状态页面。Nagios 有这个选项可以将用户分配给不进行身份验证的人:
authorized_for_read_only=guest
default_user_name=guest
听起来不错,但这并没有考虑到 Apache 身份验证。我当前的 apache 配置如下所示:
<Directory "/usr/lib64/nagios/cgi">
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/misc/htpasswd.users
Require valid-user
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthBasicAuthoritative On
AuthLDAPGroupAttribute LDAPmember
AuthLDAPURL (my server stuff)
Require ldap-group CN=nagios,ou=groups,DC=local
</Directory>
那行得通,但我想用某种方式说“这里的这个 IP,他可以跳过那些认证的东西”。Apache Satisfy指令看起来可以工作,所以我尝试了这个:
<Directory "/usr/lib64/nagios/cgi">
AllowOverride None
Order allow,deny
Allow from (IP) <---- changed
Deny from all <---- changed
Satisfy any <---- changed
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/misc/htpasswd.users
Require valid-user
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthBasicAuthoritative On
AuthLDAPGroupAttribute LDAPmember
AuthLDAPURL (my server stuff)
Require ldap-group CN=nagios,ou=groups,DC=local
</Directory>
但这并没有改变网站的行为。想法?“为我工作”?指向适当的升级说明的指针说如果我开始升级我的服务器,我会解决这个问题?:)
---- 更新答案 ----
我拿出了文件或 LDAP 的东西,满足为我工作。我可能在那里做错了什么,但无论如何,它现在有效。这是我的最终配置的样子:
<Directory "/usr/lib64/nagios/cgi">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from 192.168.42.213
Satisfy any
AuthName "Nagios Access"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthBasicAuthoritative On
AuthLDAPGroupAttribute LDAPmember
AuthLDAPURL (my server stuff)
Require ldap-group CN=nagios,ou=groups,DC=local
</Directory>
“满足任何”确实是您需要使用的。Apache wiki 上有一个很好的例子。直接引用该来源:
<Directory /home/www/site1/private>
AuthUserFile /home/www/site1-passwd
AuthType Basic
AuthName MySite
Require valid-user
Order allow,deny
Allow from 172.17.10
Satisfy any
</Directory>
| 归档时间: |
|
| 查看次数: |
5527 次 |
| 最近记录: |