diff --git a/roles/nagios/server/files/nagios-external/cgi.cfg b/roles/nagios/server/files/nagios-external/cgi.cfg
index dcc897c620..b99f20da32 100644
--- a/roles/nagios/server/files/nagios-external/cgi.cfg
+++ b/roles/nagios/server/files/nagios-external/cgi.cfg
@@ -140,7 +140,7 @@ authorized_for_configuration_information=*
# authenticated to the web server.
#authorized_for_system_commands=nagiosadmin
-authorized_for_system_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://parasense.id.fedoraproject.org/,http://pingou.id.fedoraproject.org/,http://tflink.id.fedoraproject.org/,http://mizdebsk.id.fedoraproject.org/,http://msimacek.id.fedoraproject.org/
+authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,karsten,parasense,pingou,tflink,mizdebsk,msimacek
@@ -168,9 +168,9 @@ authorized_for_all_hosts=*
#authorized_for_all_service_commands=nagiosadmin
#authorized_for_all_host_commands=nagiosadmin
-authorized_for_all_service_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://pingou.id.fedoraproject.org/,http://tflink.id.fedoraproject.org/,http://mizdebsk.id.fedoraproject.org/,http://msimacek.id.fedoraproject.org/
+authorized_for_all_service_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek
-authorized_for_all_host_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://pingou.id.fedoraproject.org/,http://tflink.id.fedoraproject.org/,http://mizdebsk.id.fedoraproject.org/,http://msimacek.id.fedoraproject.org/
+authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek
diff --git a/roles/nagios/server/files/nagios/cgi.cfg b/roles/nagios/server/files/nagios/cgi.cfg
index 2aede63e04..816cc6d464 100644
--- a/roles/nagios/server/files/nagios/cgi.cfg
+++ b/roles/nagios/server/files/nagios/cgi.cfg
@@ -140,7 +140,7 @@ authorized_for_configuration_information=*
# authenticated to the web server.
#authorized_for_system_commands=nagiosadmin
-authorized_for_system_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://parasense.id.fedoraproject.org/,http://pingou.id.fedoraproject.org/,http://tflink.id.fedoraproject.org/,http://mizdebsk.id.fedoraproject.org/,http://msimacek.id.fedoraproject.org/
+authorized_for_system_commands=athmane,ausil,averi,badone,codeblock,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,karsten,parasense,pingou,tflink,mizdebsk,msimacek
@@ -168,9 +168,9 @@ authorized_for_all_hosts=*
#authorized_for_all_service_commands=nagiosadmin
#authorized_for_all_host_commands=nagiosadmin
-authorized_for_all_service_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://pingou.id.fedoraproject.org/,http://tflink.id.fedoraproject.org/,http://mizdebsk.id.fedoraproject.org/,http://msimacek.id.fedoraproject.org/
+authorized_for_all_service_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek
-authorized_for_all_host_commands=http://athmane.id.fedoraproject.org/,http://ausil.id.fedoraproject.org/,http://averi.id.fedoraproject.org/,http://badone.id.fedoraproject.org/,http://codeblock.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://hvivani.id.fedoraproject.org/,http://ianweller.id.fedoraproject.org/,http://jspaleta.id.fedoraproject.org/,http://jstanley.id.fedoraproject.org/,http://kevin.id.fedoraproject.org/,http://lbazan.id.fedoraproject.org/,http://lmacken.id.fedoraproject.org/,http://maxamillio.id.fedoraproject.org/,http://mmahut.id.fedoraproject.org/,http://mmcgrath.id.fedoraproject.org/,http://nb.id.fedoraproject.org/,http://pfrields.id.fedoraproject.org/,http://puiterwijk.id.fedoraproject.org/,http://rafaelgomes.id.fedoraproject.org/,http://ralph.id.fedoraproject.org/,http://sijis.id.fedoraproject.org/,http://smooge.id.fedoraproject.org/,http://susmit.id.fedoraproject.org/,http://tibbs.id.fedoraproject.org/,http://tmz.id.fedoraproject.org/,http://wsterling.id.fedoraproject.org/,http://mdomsch.id.fedoraproject.org/,http://notting.id.fedoraproject.org/,http://ricky.id.fedoraproject.org/,http://toshio.id.fedoraproject.org/,http://spot.id.fedoraproject.org/,http://mahrud.id.fedoraproject.org/,http://dwa.id.fedoraproject.org/,http://karsten.id.fedoraproject.org/,http://pingou.id.fedoraproject.org/,http://tflink.id.fedoraproject.org/,http://mizdebsk.id.fedoraproject.org/,http://msimacek.id.fedoraproject.org/
+authorized_for_all_host_commands=athmane,ausil,averi,badone,codeblock,dwa,hvivani,ianweller,jspaleta,jstanley,kevin,lbazan,lmacken,maxamillio,mmahut,mmcgrath,nb,pfrields,puiterwijk,rafaelgomes,ralph,sijis,smooge,susmit,tibbs,tmz,wsterling,mdomsch,notting,ricky,toshio,spot,mahrud,dwa,karsten,pingou,tflink,mizdebsk,msimacek
# STATUSMAP BACKGROUND IMAGE
diff --git a/roles/nagios/server/templates/nagios-httpd.conf b/roles/nagios/server/templates/nagios-httpd.conf
index cfe31db2da..106ac79e2a 100644
--- a/roles/nagios/server/templates/nagios-httpd.conf
+++ b/roles/nagios/server/templates/nagios-httpd.conf
@@ -8,28 +8,22 @@ ScriptAlias /nagios-just-a-test/cgi-bin/ /usr/lib64/nagios/cgi-bin/
ScriptAlias /tac.cgi /usr/lib64/nagios/cgi-bin/tac.cgi
+
+ AuthName "Nagios GSSAPI Login"
+ GssapiCredStore keytab:/etc/krb5.HTTP_admin.fedoraproject.org.keytab
+ AuthType GSSAPI
+ # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
+ GssapiSSLonly Off
+ GssapiLocalName on
+ Require valid-user
+
+
Options ExecCGI
- AuthType OpenID
- require valid-user
- AuthOpenIDSingleIdP https://id.fedoraproject.org/
- AuthOpenIDSecureCookie on
- AuthOpenIDTrustRoot https://admin.fedoraproject.org
- AuthOpenIDServerName https://admin.fedoraproject.org
- # 3 hours
- AuthOpenIDCookieLifespan 10800
Options None
- AuthType OpenID
- AuthOpenIDSingleIdP https://id.fedoraproject.org/openid/
- AuthOpenIDSecureCookie on
- AuthOpenIDTrustRoot https://admin.fedoraproject.org
- AuthOpenIDServerName https://admin.fedoraproject.org
- # 3 hours
- AuthOpenIDCookieLifespan 10800
- Require valid-user granted
Alias /nagios /usr/share/nagios/html/