Purpose
State the different authentication methods available for OMK applications
Authentication Methods
OMK authentication methods are configured in /usr/local/omk/conf/opCommon.nmis, inside the authentication hash. The entire file is a Perl hash, so be mindful of syntax. After editing the file, run 'perl -c opCommon.nmis' to verify that the syntax is correct. The omkd service must be restarted for authentication method changes to take effect. Here is an example of the authentication hash inside opCommon.nmis. Remember that statements preceded by the '#' sign are commented out and will not be evaluated.
```
'authentication' => {
    'auth_htpasswd_file' => '<omk_conf>/users.dat',
    'auth_htpasswd_encrypt' => 'crypt',
    'auth_method_1' => 'htpasswd',
    'auth_method_2' => '',
    'auth_method_3' => '',
    'auth_login_motd' => 'Authentication required: default credentials are nmis/nm1888',
    'auth_crowd_server' => '',
    'auth_crowd_user' => '',
    'auth_crowd_password' => '',
    'auth_sso_domain' => '',
    'auth_expire_seconds' => '3600',
    'auth_lockout_after' => 0,
    #'auth_ms_ldap_attr' => 'sAMAccountName',
    #'auth_ms_ldap_base' => 'CN=Users,DC=your_domain,DC=com',
    #'auth_ms_ldap_group' => 'CN=Users,DC=your_domain,DC=com',
    #'auth_ms_ldap_debug' => 'false',
    #'auth_ms_ldap_dn_acc' => 'CN=Administrator,CN=Users,DC=your_domain,DC=com',
    #'auth_ms_ldap_dn_psw' => 'your_administrator_password',
    #'auth_ms_ldap_server' => 'your.ip.address.here'
},
```
The following table lists the OMK authentication methods, with a description of how each one authenticates and what it requires.
Method | Description |
---|---|
apache | Apache will perform authentication and provide an authenticated user to NMIS, which will have authorisation policies applied. |
ldap | NMIS will use the configured LDAP server to perform authentication. Requires optional Perl module: Net::LDAP. Config: |
ldaps (secure) | NMIS will use the configured LDAP server to perform authentication. Requires optional Perl modules: IO::Socket::SSL and Net::LDAPS. auth_ldaps_server => 'host[:port]' |
ms-ldap | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication. Requires optional Perl module: Net::LDAP. Config: |
ms-ldaps (secure) | NMIS will use the configured Microsoft Active Directory (LDAP) server to perform authentication. Requires optional Perl modules: IO::Socket::SSL and Net::LDAPS. Config: |
radius | NMIS will use the configured RADIUS server (Cisco ACS or Steel Belted Radius, for example). Requires optional Perl module: Authen::Simple::RADIUS. Config: |
tacacs | NMIS will use the configured TACACS+ server (Cisco ACS, for example). Requires optional Perl module: Authen::TacacsPlus. Config: |
htpasswd | NMIS will use the users defined in the NMIS Users file, by default /usr/local/nmis8/conf/users.dat |
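
The 'perl -c' check described above only proves that the file compiles, so a misspelled method name or a login banner that still advertises the default credentials passes it. The following is an added example (not part of the original page or OMK's own code) that lints the authentication hash of a constructed sample. The '%hash = ( ... );' file wrapper, the function names, and reading 'auth_lockout_after' => 0 as "lockout disabled" are assumptions.

```perl
use strict;
use warnings;
# Method names from the table on this page.
my %KNOWN = map { $_ => 1 }
    qw(apache ldap ldaps ms-ldap ms-ldaps radius tacacs htpasswd);

# Constructed sample; the '%hash = ( ... );' wrapper is an assumed file layout.
my $sample = <<'EOF';
%hash = (
  'authentication' => {
    'auth_method_1' => 'htpasswd',
    'auth_method_2' => 'ms-ldsp',   # constructed typo: still compiles
    'auth_method_3' => '',
    'auth_login_motd' => 'Authentication required: default credentials are nmis/nm1888',
    'auth_lockout_after' => 0,
  },
);
EOF

# Evaluate the config text (this executes it as Perl: trusted files only).
sub load_auth {
    my ($text) = @_;
    no strict 'vars';        # the assumed layout assigns to a package %hash
    no warnings 'once';
    my @ret = eval $text;
    die "config does not compile: $@" if $@;
    my %cfg = (@ret == 1 && ref($ret[0]) eq 'HASH') ? %{ $ret[0] } : @ret;
    my $auth = $cfg{authentication};
    die "no 'authentication' hash found\n" unless ref($auth) eq 'HASH';
    return $auth;
}

sub lint_auth {
    my ($auth) = @_;
    my @findings;
    for my $n (1 .. 3) {
        my $m = $auth->{"auth_method_$n"} // '';
        push @findings, "auth_method_${n}: unknown method '${m}'"
            if $m ne '' && !$KNOWN{$m};
    }
    push @findings, "auth_login_motd: banner advertises default credentials"
        if ($auth->{auth_login_motd} // '') =~ /default credentials/i;
    # Assumption: 0 leaves account lockout disabled.
    push @findings, "auth_lockout_after: 0, failed logins never lock the account"
        if !($auth->{auth_lockout_after} // 0);
    return @findings;
}

print "$_\n" for lint_auth(load_auth($sample));
```

To lint a real file instead of the sample, read its contents into a string and pass that to load_auth before restarting omkd.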