Skip to content
This repository has been archived by the owner on Jan 15, 2019. It is now read-only.

[dev.icinga.com #1007] Creating new "http-basic" user: password shall not be required #253

Closed
icinga-migration opened this issue Nov 15, 2010 · 10 comments

Comments

@icinga-migration
Copy link

This issue has been migrated from Redmine: https://dev.icinga.com/issues/1007

Created by tgelf on 2010-11-15 15:08:41 +00:00

Assignee: jmosshammer
Status: Closed (closed on 2011-09-27 14:37:50 +00:00)
Target Version: 1.6
Last Update: 2011-12-03 11:30:09 +00:00 (in Redmine)


Usually admins want to prepare user permissions (hostgroup filters ecc) before their initial login. To do so, you just have to create a "http-basic" user. However, in that case the password field should no longer be compulsory.

Attachments

@icinga-migration
Copy link
Author

Updated by grue on 2010-11-18 10:49:11 +00:00

tgelf wrote:

Usually admins want to prepare user permissions (hostgroup filters ecc) before their initial login. To do so, you just have to create a "http-basic" user. However, in that case the password field should no longer be compulsory.

i have configured ldap auth and password shall not be required. i can also type in was i want and i can login to icinga-web

@icinga-migration
Copy link
Author

Updated by grue on 2010-11-18 15:30:42 +00:00

Solution:

search in auth.xml file and changes settings to:

<ae:parameter name="auth_key">
<ae:parameter name="auth_module">AppKit</ae:parameter>
<ae:parameter name="auth_provider">Auth.Provider.AuthKey</ae:parameter>
<ae:parameter name="auth_enable">false</ae:parameter>
<ae:parameter name="auth_authoritative">false</ae:parameter>
</ae:parameter>

Clear cache and test it again. The provider "auth_key" return always true for login...

@icinga-migration
Copy link
Author

Updated by eragonio on 2010-11-20 09:11:33 +00:00

grue wrote:

Solution:

search in auth.xml file and changes settings to:

<ae:parameter name="auth_key">
<ae:parameter name="auth_module">AppKit</ae:parameter>
<ae:parameter name="auth_provider">Auth.Provider.AuthKey</ae:parameter>
<ae:parameter name="auth_enable">false</ae:parameter>
<ae:parameter name="auth_authoritative">false</ae:parameter>
</ae:parameter>

Clear cache and test it again. The provider "auth_key" return always true for login...

But then you cant use Icinga Mobile.

@icinga-migration
Copy link
Author

Updated by tgelf on 2010-11-20 19:21:23 +00:00

Passwordless login and Icinga Mobile are of course pretty interesting, but have nothing to do with my initial question. I haven't been talking about the login form itself, but about the form field "password" (to be entered twice) but about the steps you have to do when you want to configure user permissions prior their first login.

I also talked just about users already authenticated by your Web Server (LDAP, Kerberos, whatever), they will not be authenticated (but autorized) by Icinga-Web. Users are automagically created in Icinga-Web's DB after your first login, but often that's not what you want.

Several times I have been asked to configure Icinga-Web in a way that authentication information is provided externally (e.g.: Kerberos ticket), but to only allow login for specific users and to also limit them to be able to access only very few specific Hostgroups.

For being able to do so, you have to prepare those external users in Icinga-Web, choosing a specific type. In my initial bug report I have chosen "http-basic" as an example. And that's the step this bug report is related to: it doesn't absolutely make sense to make the password fields compulsory in this case. They should either vanish once such a backend is chosen - or at least become optional in that case.

@icinga-migration
Copy link
Author

Updated by jmosshammer on 2011-09-26 15:44:30 +00:00

  • Category set to Authorization
  • Status changed from New to Feedback
  • Assigned to set to mhein
  • Target Version set to 1.6

Is this still current?

@icinga-migration
Copy link
Author

Updated by jmosshammer on 2011-09-27 11:16:21 +00:00

  • Assigned to changed from mhein to jmosshammer

@icinga-migration
Copy link
Author

Updated by tgelf on 2011-09-27 11:25:27 +00:00

  • File added icingaweb-basicauth-password.png

As shown in the attached screenshot this is still true for 1.5.x

@icinga-migration
Copy link
Author

Updated by mhein on 2011-09-27 13:09:25 +00:00

  • Estimated Hours set to 1

@icinga-migration
Copy link
Author

Updated by jmosshammer on 2011-09-27 14:37:50 +00:00

  • Status changed from Feedback to Closed

fixed in my branch

@icinga-migration
Copy link
Author

Updated by mfriedrich on 2011-12-03 11:28:24 +00:00

  • Done % changed from 0 to 100

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant