[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Avoiding double authentication
|
From: |
Martin Pala |
|
Subject: |
Re: Avoiding double authentication |
|
Date: |
Fri, 24 Feb 2017 16:32:52 +0100 |
Hello,
the problem is most probably caused by the CSRF cookie position
(https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check) - it is
fixed in the upcoming monit 5.21.0 release.
You can test the development version if you want (the official release will be
ready most probably ready during next week):
wget https://bitbucket.org/tildeslash/monit/get/master.tar.gz
tar -xzf master.tar.gz
cd tildeslash*
./boostrap
./configure
make
Best regards,
Martin
> On 8 Feb 2017, at 01:23, Andrii Senkovych <address@hidden> wrote:
>
> Hello,
>
> recently I have upgraded monit from 5.9 to 5.20 and found differences
> in authentication process. I used the following setup:
>
> set httpd port 2812 and
> use address localhost
> allow localhost
>
> Above this I used web server with HTTP authentication enabled to
> restrict access to monit web interface.
>
> In addition I use monit command line tool and in some cases I proxy
> localhost:2812 with SSH. In this case I do not need additional
> authentication.
>
> However after upgrade to 5.20 this setup no longer works: all I get is
> connection being refused.
>
> Is it possible to get previous behaviour for version 5.20?
>
> Thank you in advance.
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general