I followed the example in /etc/nagios4/apache2.conf to enable Digest authentication. I added the following into <DirectoryMatch>:
AuthDigestDomain "Nagios" AuthDigestProvider file AuthUserFile "/etc/apache2/.htpasswd.users" AuthGroupFile "/etc/groups" AuthName "Nagios Login" AuthType Digest Require valid-user
I do not get the login prompt when accessing localhost/nagios4. Am I missing something? I even tried to surround the above-mentioned code with <RequireAll></RequireAll> and to no avail.
Which product are you using? Is this on Nagios CSP, Nagios core, or Nagios XI?
Please follow the steps outlined in this document on Implementing Digest Authentication - https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/cgisecurity.html
I am running Nagios core.
I used the following code to create an /etc/apache/conf-available/nagios.conf file and enabled it with a2enconf:
ScriptAlias /nagios/cgi-bin "/usr/sbin/nagios4" <Directory "/usr/sbin/nagios4"> Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthType Digest AuthName "Nagios Access" AuthUserFile "/etc/apache2/.htpasswd.users" Require valid-user </Directory> Alias /nagios "/usr/share/nagios" <Directory "/usr/share/nagios"> Options None AllowOverride None Order allow,deny Allow from all AuthType Digest AuthName "Nagios Access" AuthUserFile "/etc/apache2/.htpasswd.users" Require valid-user </Directory>
This does not work.
I need the paths verified for "ScriptAlias," "Alias," and "<Directory>" since these reference "/usr/local" in the Enhanced CGI Security and Authentication tutorial, and /usr/local does not pertain to my installation.
If this is related to core please use the following forum to post this question - https://support.nagios.com/forum/viewforum.php?f=7
The following Enhanced CGI Security and Authentication tutorial for Nagios needs to be updated and fixed: https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/4/en/cgisecurity.html
The syntax in this tutorial is for outdated Apache 2.2; therefore, it needs to be updated to Apache 2.4 syntax.
For example:
Order allow,deny Allow from all
needs to be replaced with:
Require all granted
also
AuthDigestFile
needs to be replaced with:
AuthUserFile
@travis-bean Thanks for bringing that to our attention. I'll make a note of it and notify the team tracking our documentation that needs updating. In the mean time if there are more core related questions, like @rarafa mentioned above you may find more traction on our core specific forums.
