web authentication
Nick Bright
nick.bright at terraworld.net
Wed Jun 25 17:11:36 EDT 2008
The answer to my own followup question is:
When you comment out web_auth_file.pl, arguscgi automatically logs you
in as a conjured user called "webanon" which has group membership in
root, staff, and user.
To kick this user down to "user" level, I edied web_login.pl and
arguscgi and replaced all instances of
$me->create_auth( 'webanon', 'Top', 'root', 'staff', 'user' );
with
$me->create_auth( 'webanon', 'Top', 'user' );
as well as another line in arguscgi that was
('webanon', $^T, 0, 'Top', '-', 'root', 'staff', 'user' );
changed to
('webanon', $^T, 0, 'Top', '-', 'user' );
This makes the automatically created user a low permission level,
blocking out access to the configuration file, notifications, and debugging.
---
- Nick Bright
Network Administrator
Terra World
Tel 888-332-1616 x 315
Fax 620-332-1201
Howells, Bruce E wrote:
> Sorry about the strange reply, but I found this posting in the archive
> just before I joined the list.
>
>
>
> Probably tacky, but I've accomplished this (noop-ing the login screen)
> by simply commenting out the require "web_auth_file.pl" in arguscgi...
> brute-force, but it works.
>
>
>
> Bruce Howells, IT/EC DTM SDES - Hudson, Massachusetts
>
> If urgent, please page 866-593-8707 or email-to-page at
> brucehowells at skytel.com <mailto:brucehowells at skytel.com> .
>
>
>
> _______________________________________________
> http://argus.tcp4me.com/
> Arguslist at tcp4me.com
> http://www.tcp4me.com/mailman/listinfo/arguslist
More information about the Arguslist
mailing list