Versions Compared

Old Version 7

changes.mady.by.user Keith Sinclair

Saved on

compared with

New Version 8

changes.mady.by.user Alexander Zangerl

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated htpasswd hash method info

...

When NMIS Single Sign On is configured you MUST use the Full Qualified Domain Name to access the server.

...

User administration when using the htpasswd Method

Encryption Methods

Apache (and its htpasswd tool) support a number of different password hashing mechanisms. In the past htpasswd's default mechanism was "crypt" but on most operating systems that has been changed to "md5" (as it resists dictionary attacks much better).

However: NMIS in versions up to and including 8.5G only supports the "crypt" mechanism. This means that you have to explicitely specify the appropriate method when you run htpasswd.

Adding a user for Authentication

To add a new user to NMIS8 (while it is using htpasswd, or Apache for Authentication - and assuming that Apache has not already been integrated with LDAP, Active Directory, Radius, or the like, ) you will need to create a new Web Based user, this . This is done with using the following commands (assuming that nmis8 is installed in the default location):, using testuser as example:

Code Block
cd /usr/local/nmis8/conf

...

 # adjust that if nmis8 is not installed in the default location
# for encryption method crypt:
htpasswd -d users.dat

...

 testuser 
# ...then just follow the prompts
# for encryption method md5, BUT only for NMIS newer than 8.5G:
htpasswd -m users.dat testuser


This adds the user testuser for Authentication, now the purpose of Authentication. Now the application needs to be able to Authorise the user.also told about the users' Authorisation.

Setting up a user's Authorisations

Login to the NMIS Portal, as an administration user, the normal URL is http://nmisserver/cgi-nmis8/nmiscgi.pl

Using the menu access "System -> System Configuration -> Users", select "add" from the top right, and then complete the form, specifying the User which matches the user added using htpasswd, specify Privilege and Groups, using "all" if all groups are permitted, multiple groups can be selected.

Default Encryption and htpasswd

Apache documentation suggests that the default encryption for htpasswd is MD5, but testing done by NMIS development team shows it is crypt compatible, if you are having problems with this, you can test yourself.

Code Block
htpasswd -b -c users.default.dat nmis nm1888
htpasswd -b -d -c users.crypt.dat nmis nm1888
htpasswd -b -m -c users.md5.dat nmis nm1888

# Make sure NMIS is using 'auth_htpasswd_encrypt' => 'crypt',
cp users.default.dat users.dat

# Logout login -> Success 

cp users.crypt.dat users.dat

# Logout, login -> Success 

# Make sure Perl module "Digest::MD5" is installed 
# Make sure NMIS is using 'auth_htpasswd_encrypt' => 'md5',

# Logout, login, -> FAIL 
 
cp users.md5.dat users.dat

# Logout, login, -> Success (this failed for me, I could not get MD5 to work.)

 

...

User names and case

User names in many systems are not case sensitive, so NMIS will handle usernames in lower case, when adding users to Users.nmis, ensure that the name is all in LOWER CASE.

...