From 3c234f36a4b8aa9e07928cc72f4213f52cd196eb Mon Sep 17 00:00:00 2001 From: Ricky Elrod Date: Thu, 17 Jul 2014 19:37:04 +0000 Subject: [PATCH] fix auth stuff here Signed-off-by: Ricky Elrod --- roles/nagios_server/files/nagios-external/cgi.cfg | 9 ++++++--- roles/nagios_server/files/nagios/cgi.cfg | 6 +++--- roles/nagios_server/templates/nagios-httpd.conf | 4 ++-- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/roles/nagios_server/files/nagios-external/cgi.cfg b/roles/nagios_server/files/nagios-external/cgi.cfg index bba483b779..c2e07427cd 100644 --- a/roles/nagios_server/files/nagios-external/cgi.cfg +++ b/roles/nagios_server/files/nagios-external/cgi.cfg @@ -140,7 +140,7 @@ authorized_for_configuration_information=* # authenticated to the web server. #authorized_for_system_commands=nagiosadmin -authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot +authorized_for_system_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://parasense.id.fedoraproject.org/ @@ -166,8 +166,11 @@ authorized_for_all_hosts=* # authorization). You may use an asterisk (*) to authorize any # user who has authenticated to the web server. -authorized_for_all_service_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud -authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud +#authorized_for_all_service_commands=nagiosadmin +#authorized_for_all_host_commands=nagiosadmin +uthorized_for_all_service_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/ + +authorized_for_all_host_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/ diff --git a/roles/nagios_server/files/nagios/cgi.cfg b/roles/nagios_server/files/nagios/cgi.cfg index 579fb523a8..d77300160c 100644 --- a/roles/nagios_server/files/nagios/cgi.cfg +++ b/roles/nagios_server/files/nagios/cgi.cfg @@ -140,7 +140,7 @@ authorized_for_configuration_information=* # authenticated to the web server. #authorized_for_system_commands=nagiosadmin -authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,karsten,parasense +authorized_for_system_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://parasense.id.fedoraproject.org/ @@ -168,9 +168,9 @@ authorized_for_all_hosts=* #authorized_for_all_service_commands=nagiosadmin #authorized_for_all_host_commands=nagiosadmin -authorized_for_all_service_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten -authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten +uthorized_for_all_service_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/ +authorized_for_all_host_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/ # STATUSMAP BACKGROUND IMAGE diff --git a/roles/nagios_server/templates/nagios-httpd.conf b/roles/nagios_server/templates/nagios-httpd.conf index f172afdf88..8c8b1c08ac 100644 --- a/roles/nagios_server/templates/nagios-httpd.conf +++ b/roles/nagios_server/templates/nagios-httpd.conf @@ -12,7 +12,7 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi Options ExecCGI AuthType OpenID require valid-user - AuthOpenIDSingleIdP https://id.fedoraproject.org/ + AuthOpenIDSingleIdP https://id.fedoraproject.org/openid/ AuthOpenIDSecureCookie on AuthOpenIDTrustRoot https://admin.fedoraproject.org AuthOpenIDServerName https://admin.fedoraproject.org @@ -23,7 +23,7 @@ ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi Options None AuthType OpenID - AuthOpenIDSingleIdP https://id.fedoraproject.org/ + AuthOpenIDSingleIdP https://id.fedoraproject.org/openid/ AuthOpenIDSecureCookie on AuthOpenIDTrustRoot https://admin.fedoraproject.org AuthOpenIDServerName https://admin.fedoraproject.org