Problem with cookie authentication


Shanti Khot

Oct 26, 2021, 3:16:08 PM
to Thruk
Hi List,

I need user login/logout data for Thruk. I have enabled cookie authentication along with LDAP (no changes made in the default thruk_cookie_auth.include; only paths are adjusted as per the installation). However, the problem with cookie authentication is:

1) Thruk logout doesn't work in Mozilla Firefox. It works in Chrome though. That is, while logging in, it prompts with a username and password dialog box, but after logout it shows the regular Thruk login form for username and password and not the dialog box. It should show the dialog box. We need to clear active logins in the Mozilla history to log out every time.

2) If a user logs in with the dialog box, Thruk only captures session creation logs and not login logs. If a user logs in with the regular Thruk login form (thruk/cgi-bin/login.cgi), it captures session creation, login and logout logs.

Can anyone suggest how to fix this?

Below is our Apache configuration:

<VirtualHost *:8085>
    DocumentRoot /opt/app/thruk/share/root/thruk
    <Directory /opt/app/thruk/share/root/thruk>
        Options FollowSymLinks
        AllowOverride All
        order allow,deny
        allow from all
    </Directory>
    Alias /thruk/documentation.html /opt/app/thruk/share/root/thruk/documentation.html
    Alias /thruk/startup.html /opt/app/thruk/share/root/thruk/startup.html
    AliasMatch ^/thruk/(.*\.cgi|.*\.html|r/.*) /opt/app/thruk/share/fcgid_env.sh/thruk/$1
    AliasMatch ^/thruk/plugins/(.*?)/(.*)$     /opt/app/thruk/etc/plugins/plugins-enabled/$1/root/$2
    Alias /thruk/themes/  /opt/app/thruk/etc/themes/themes-enabled/
    Alias /thruk /opt/app/thruk/share/root/thruk

    <Location /thruk/>
        Options ExecCGI FollowSymLinks
        Allow from all
        order allow,deny
        AuthName "Thruk Monitoring"
        AuthType Basic

        # legacy file authentication first, then ldap
        AuthBasicProvider file ldap

        # legacy file (or set it to /dev/null)
        AuthUserFile /opt/app/thruk/etc/htpasswd

        # ldap
        AuthLDAPBindDN "****"
        AuthLDAPBindPassword "****"
        AuthLDAPURL "ldaps://***)"
        Require user aaa bbb ccc
    </Location>


    <IfModule mod_fcgid.c>
        AddHandler fcgid-script .sh
        MaxRequestsPerProcess 100
    </IfModule>
</VirtualHost>
========================================================

Below are cookie auth settings.

cookie_path = /
#cookie_secure_only = 1
cookie_auth_login_url             = thruk/cgi-bin/login.cgi
cookie_auth_restricted_url        = http://localhost/thruk/cgi-bin/restricted.cgi
cookie_auth_session_timeout       = 86400
cookie_auth_session_cache_timeout = 30
cookie_auth_login_timeout         = 10
#cookie_auth_domain               = .domain.com
cookie_auth_login_hook           = ./bin/hook.sh
cookie_auth_verbose               = 3
cookie_auth_disable_after_failed_logins = 10

Sven Nierlein

Oct 27, 2021, 2:48:12 AM
to th...@googlegroups.com, Shanti Khot
Hi,

I cannot see the include for the cookie authentication. It seems you are not using cookie authentication at all. Right now, I guess you are using plain and simple LDAP auth. If you get a login form like on https://demo.thruk.org then you have a working cookie authentication. You have to include the cookie auth include file in every virtualhost which provides Thruk.

Cheers,
Sven
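
The requirement in the reply above, that every virtual host serving Thruk pulls in the cookie auth include, can be checked mechanically. The following is an added example, not part of the original thread and not Thruk's own tooling; the sample configuration, its ports and its include paths are constructed, and the check is text-level only (it does not follow nested Include files).

```python
import re

# Constructed sample (not the poster's real file). Paths and ports are made up.
SAMPLE_CONF = """\
<VirtualHost *:8085>
    Alias /thruk /opt/app/thruk/share/root/thruk
    <Location /thruk/>
        AuthType Basic
    </Location>
</VirtualHost>
<VirtualHost *:8086>
    Alias /thruk /opt/app/thruk/share/root/thruk
    Include /etc/apache2/thruk_cookie_auth.include
</VirtualHost>
<VirtualHost *:8087>
    AliasMatch ^/thruk/(.*\\.cgi) /opt/app/thruk/share/fcgid_env.sh/thruk/$1
    # Include /etc/apache2/thruk_cookie_auth.include
</VirtualHost>
<VirtualHost *:8088>
    DocumentRoot /var/www/other
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)
# An active (not commented-out) Include/IncludeOptional of the cookie auth file.
INCLUDE_RE = re.compile(
    r"^\s*Include(?:Optional)?\s+\S*thruk_cookie_auth\.include[\"']?\s*$",
    re.I | re.M)
# Directives whose first argument maps a /thruk URL: the vhost "provides Thruk".
THRUK_RE = re.compile(r"^\s*(?:Alias(?:Match)?|<Location)\s+\S*/thruk", re.I | re.M)

def audit_vhosts(conf_text):
    """Map each vhost address that serves /thruk to True if it has the include."""
    result = {}
    for addr, body in VHOST_RE.findall(conf_text):
        if THRUK_RE.search(body):          # skip vhosts unrelated to Thruk
            result[addr.strip()] = bool(INCLUDE_RE.search(body))
    return result

def missing_cookie_auth(conf_text):
    """Vhosts that serve Thruk but would fall back to plain Basic/LDAP auth."""
    return sorted(a for a, ok in audit_vhosts(conf_text).items() if not ok)

if __name__ == "__main__":
    for addr, ok in audit_vhosts(SAMPLE_CONF).items():
        print(f"{addr}: {'cookie auth include present' if ok else 'MISSING include'}")
```
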



Shanti Khot

Oct 29, 2021, 5:39:08 AM
to Thruk
Hi Sven,

I have included thruk_cookie_auth.include in a separate thruk_cookie_auth_vhost.conf file in the Apache directory. This logs me in to Thruk, but not with a login form like https://demo.thruk.org. Instead it prompts with a dialog box for username and password.

I also tried commenting out the Include statement in thruk_cookie_auth_vhost.conf and specified the same statement in the main virtual host directive that I posted earlier. But it gives me a "Bad request" error. Probably the order of directives needs to be proper. Can you suggest?


Thanks
Shanti Khot

Shanti Khot

Nov 1, 2021, 2:35:20 PM
to Thruk
Hi Sven,

Also, below are the Apache error logs after including cookie authentication.

Can't locate Thruk/Config.pm in @INC (you may need to install the Thruk::Config module) (@INC contains: /opt/tools/nagios/Perlmods-Nagios @DATADIR@/lib @THRUKLIBS@ /opt/tools/nagios/perl/lib/site_perl/5.20.3/x86_64-linux /opt/tools/nagios/perl/lib/site_perl/5.20.3 /opt/tools/nagios/perl/lib/5.20.3/x86_64-linux /opt/tools/nagios/perl/lib/5.20.3 .) at /opt/app/thruk/share/thruk_auth line 45.

Do I need to set paths explicitly in .profile or something?

Thanks
Shanti K