Thruk PanSnaps + Krb

pansnaps
(Luban8) #1

Hi,
I was playing with PANSNAPS (by the way a handy thing) and they don’t work with kerberos

apache access.log

/site/thruk/cgi-bin/panorama.cgi?map=1 HTTP/1.1" 401 381 "-" "Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) PhantomJS/2.1.1 Safari/538.1"

my workaround (There is certainly a better solution)

etc/apache/conf.d/auth.conf
  • <RequireAny>
          Require ip ::1 127.0.0.1
          Require valid-user
    </RequireAny>
(Sven Nierlein) #2

i don’t think there is a better solution right now. Next OMD release will have a new option for the thruk cookie auth “sso support” which can be used together with kerberos. Thruk then only verifys existing cookies and api keys but will not be used to handle the logins. That way Thruk may create temporary sessions on the fly to bypass authentication.
However, it still has to be checked if this plugin makes use of that new feature. The pansnaps plugin was written once for a customer and opensourced, so there has been little work done to make this plugin of general use.