Re: [monit] Patch: monit and Linux-PAM

monit-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [monit] Patch: monit and Linux-PAM

From:	Martin Pala
Subject:	Re: [monit] Patch: monit and Linux-PAM
Date:	Sun, 24 Aug 2008 22:04:19 +0200

Thanks for patch, very nice feature :)

PAM support added to CVS, you can get it here:
http://savannah.nongnu.org/cvs/?group=monit

(verified PAM support on Linux, Mac OS X, FreeBSD, NetBSD ... workswell :)



Thanks,
Martin

P.S.
sorry for long delay


On Apr 1, 2008, at 9:18 PM, Wilhelm Meier wrote:

Hello,

here is a small patch for monit-4.10.1 to make monit Linux-PAM aware.

With this patch it is possible to setup monit to use the
posix-group-membership to distinguish between user who

1)  can't see any information from the monit webserver
2) get a readonly view
3) can restart services, enable/disable monitoring, etc.

together with autorization via Linux-PAM.

Therefore one can define in the monitrc:
--
# to give users of posix-group 'group' readonly view
allow @group readonly

# to give users of posix-group 'service' full view
allow @service
--
Users who are not authenticated via pam don't see anything.

The patch is most usefull if the system where monit runs is setup with
nss (name service switch) and PAM using a centralized user database.
In most cases this would be LDAP. Group membership is resolved via
nss and authorization is done via PAM-Service 'monit'. If one uses
LDAP as centralized user-DB nss-ldap and pam-ldap are necessary
components.

Enjoy,
--
Wilhelm
<monit-4.10.1-pam.patch>--
To unsubscribe:
http://lists.nongnu.org/mailman/listinfo/monit-general

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [monit] Patch: monit and Linux-PAM, Martin Pala <=

Prev by Date: Re: [monit] syntax error 'then'
Next by Date: [monit] postgrey pid and postgrey.pid out of sync
Previous by thread: [monit] syntax error 'then'
Next by thread: [monit] postgrey pid and postgrey.pid out of sync
Index(es):
- Date
- Thread