Avoiding double authentication

Avoiding double authentication

Andrii Senkovych
Hello,

recently I have upgraded monit from 5.9 to 5.20 and found differences
in the authentication process. I used the following setup:

set httpd port 2812 and
    use address localhost
    allow localhost

Above this I used a web server with HTTP authentication enabled to
restrict access to the monit web interface.

In addition I use the monit command line tool and in some cases I proxy
localhost:2812 with SSH. In this case I do not need additional
authentication.

However, after the upgrade to 5.20 this setup no longer works: all I get is
the connection being refused.

Is it possible to get the previous behaviour for version 5.20?

Thank you in advance.

--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general
Re: Avoiding double authentication

martinp@tildeslash.com
Hello,

the problem is most probably caused by the CSRF cookie position (https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check) - it is fixed in the upcoming monit 5.21.0 release.

You can test the development version if you want (the official release will most probably be ready during next week):

        wget https://bitbucket.org/tildeslash/monit/get/master.tar.gz
        tar -xzf master.tar.gz
        cd tildeslash*
        ./bootstrap
        ./configure
        make

Best regards,
Martin


> On 8 Feb 2017, at 01:23, Andrii Senkovych <[hidden email]> wrote:
>
> Hello,
>
> recently I have upgraded monit from 5.9 to 5.20 and found differences
> in the authentication process. I used the following setup:
>
> set httpd port 2812 and
>    use address localhost
>    allow localhost
>
> Above this I used a web server with HTTP authentication enabled to
> restrict access to the monit web interface.
>
> In addition I use the monit command line tool and in some cases I proxy
> localhost:2812 with SSH. In this case I do not need additional
> authentication.
>
> However, after the upgrade to 5.20 this setup no longer works: all I get is
> the connection being refused.
>
> Is it possible to get the previous behaviour for version 5.20?
>
> Thank you in advance.
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general

