From e678b0bb5d21cd2c88c0753d592cf94cd7fe32d5 Mon Sep 17 00:00:00 2001
From: Ricky Elrod <codeblock@fedoraproject.org>
Date: Mon, 14 Jul 2014 01:37:05 +0000
Subject: [PATCH] openid auth

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
---
 .../nagios_server/templates/nagios-httpd.conf | 63 ++++++-------------
 1 file changed, 19 insertions(+), 44 deletions(-)

diff --git a/roles/nagios_server/templates/nagios-httpd.conf b/roles/nagios_server/templates/nagios-httpd.conf
index 1499508a32..f172afdf88 100644
--- a/roles/nagios_server/templates/nagios-httpd.conf
+++ b/roles/nagios_server/templates/nagios-httpd.conf
@@ -10,22 +10,28 @@ ScriptAlias	/tac.cgi	/usr/lib64/nagios/cgi-bin/tac.cgi
 
 <Location ~ "/(nagios|nagios-external|nagios-just-a-test)/cgi-bin/>
   Options ExecCGI
-  AuthType Basic
-  AuthName "nagios"
-
-  Auth_PG_host db-fas
-  Auth_PG_port 5432
-  Auth_PG_user fasreadonly
-  Auth_PG_pwd "{{fas_db_readonly_password}}"
-  Auth_PG_database fas2
-  Auth_PG_pwd_table people
-  Auth_PG_uid_field username
-  Auth_PG_pwd_field password
-  Auth_PG_pwd_whereclause " and status='active'"
-
+  AuthType OpenID
   require valid-user
+  AuthOpenIDSingleIdP https://id.fedoraproject.org/
+  AuthOpenIDSecureCookie on
+  AuthOpenIDTrustRoot https://admin.fedoraproject.org
+  AuthOpenIDServerName https://admin.fedoraproject.org
+  # 3 hours
+  AuthOpenIDCookieLifespan 10800
 </Location>
 
+<Directory "/usr/share/nagios/html">
+  Options None
+  AuthType OpenID
+  AuthOpenIDSingleIdP https://id.fedoraproject.org/
+  AuthOpenIDSecureCookie on
+  AuthOpenIDTrustRoot https://admin.fedoraproject.org
+  AuthOpenIDServerName https://admin.fedoraproject.org
+  # 3 hours
+  AuthOpenIDCookieLifespan 10800
+  Require valid-user granted
+</Directory>
+
 Alias /nagios /usr/share/nagios/html/
 
 # This will only affect noc2 because the proxies only forward -external to it.
@@ -33,34 +39,3 @@ Alias /nagios-external /usr/share/nagios/html/
 
 # Test
 Alias /nagios-just-a-test /usr/share/nagios/html/
-
-<Directory /usr/share/nagios/html/>
-   Options None
-</Directory>
-
-# For SSL-servers
-#<Directory /usr/lib/nagios/cgi-bin/>
-#   Options ExecCGI
-#   SSLRequireSSL
-#   order deny,allow
-#   deny from all
-#   allow from 127.0.0.1
-#   AuthType Basic
-#   AuthUserFile /etc/nagios/passwd
-#   AuthName "nagios"
-#   require valid-user
-#</Directory>
-#
-#Alias /nagios/ /usr/share/nagios/html/
-#<Directory /usr/share/nagios/html/>
-#   Options None
-#   SSLRequireSSL
-#   order deny,allow
-#   deny from all
-#   allow from 127.0.0.1
-#   AuthType Basic
-#   AuthUserFile /etc/nagios/passwd
-#   AuthName "nagios"
-#   require valid-user
-#</Directory>
-