User Tools

Site Tools


  Main   About   Help   Download
nconf:help:how_tos:authentication_with_contacts

NConf contacts authentication

NConf offers the possibility to use any external MySQL database for user authentication. There are multiple configuration options which can be used to define the target database, the credentials, as well as your own customized SQL queries. Refer to Auth by SQL to understand how to configure SQL authentication.

A powerful feature of NConf is that it also has built-in functionality to manage user accounts within NConf itself. This enables you to control users, passwords and privileges for NConf and Nagios directly within NConf. Doing this involves telling the NConf authentication mechanism that you wish to authenticate using the NConf database as auth source (more precisely: the 'contact' items within NConf).

Manage NConf access

There are 3 predefined attributes which must be activated first, in order to manage user passwords and permissions:

  1. In NConf, go to the menu “Administration” > “Attributes” > “Show” and select the “contact” attributes.
  2. Edit the following attributes and set ”attribute is visible = yes” for each one:
    • user_password
    • nc_permission
    • nagios_access
  3. Now go to “Additional Items” > “Contacts”:
    • set a password for your own user, to make sure you can still log in later.
    • Also give yourself “admin” rights.
  4. In config/authentication.php, set AUTH_TYPE to ”sql
    define('AUTH_TYPE', "sql");
    • Because you want to use the NConf DB, you do not have to configure the other AUTH_ settings
      (AUTH_DBHOST,AUTH_DBNAME,AUTH_DBUSER,AUTH_DBPASS), just leave it commented.
    • also don't change any of the AUTH_SQLQUERY constants.
      They will tell NConf to authenticate your contacts.
  5. Now you can set a password and the permissions for each user by editing the contacts in NConf
    Add contact with the new attributes







  • Next time you log in, the NConf contacts will be used for authentication.

Password encryption

You might also want to enable password encryption in 'config/nconf.php'. Do this right from the start, because once you have already set several passwords, and you later decide to change the encryption type, you will have to modify all stored passwords. For further information, refer to Configuration: Password attributes.

How to proceed for changing encryption

  1. Log in on NConf with admin rights
  2. Change the encryption type in config/nconf.php and save the file
  3. Go to your contacts and edit the users password or create them
  4. you can verify the encryption by looking for the password in the detail view
  5. the most secure way to test the log in:
    • open a different browser and try to login
  6. otherwise, just log out and log in again

enter password for user

Enter the plain password for the user or admin without the {} tags.

NConf will automatically:

  • Add the {…} (encryption type)
  • Encrypt the password

see screenshots

screenshots

Here you see some screenshots on how the password field should look regarding the encryption type.

clear


To see the passwords plain text, this would be not acceptable for most admins.
Therefore NConf gives you a way to hide them, please have a look here:

crypt

md5

sha1

modify contact


On the modify pages, you will see the password in a password input field.
For changing the password, enter a new one.
Otherwise just leave it as is.

Manage Nagios webaccess

As soon as you start using password attributes for your contacts, NConf will start generating a file called 'global/nagios.htpasswd'. This file is part of the generated output. It is a standard password file for Apache which you can use on your Nagios server to authenticate your users.

If you would like to use the generated .htpasswd file to control access to your Nagios webaccess, you must set the encryption type to either “crypt” or “sha_raw”, because that is what Apache supports in .htpasswd files (“sha_raw” is what we call the implementation of SHA1 that Apache supports).

nconf/help/how_tos/authentication_with_contacts.txt · Last modified: 21.02.2013 00:22 by agargiulo