[Pkg-nagios-devel] Bug#960675: Default apache.conf has broken authentication
Sven Bartscher
sven.bartscher at credativ.de
Fri May 15 10:52:43 BST 2020
Package: icinga-cgi
Version: 1.14.2+ds-1
Severity: normal
In previous versions the shipped default apache2.conf contained these
authorization related directives:
```
Order Allow,Deny
Allow From all
[...]
Require valid-user
```
This had the effect that user had to authenticate (be a `valid-user`)
to access the web interface. However, in the version this bug applies
to, the `Order` and `Allow` directives have been replaced by a single
`Require all granted` directive. Now the two `Require' directives
interact differently, than was previously intended. Instead of
requiring a `valid-user` the `all granted` now takes precedence and
users aren't required to authenticate.
I'm aware this probably won't get fixed, because the icinga package
was removed from unstable. I'm just filing this bug to document it for
anyone who might come across this problem.
Regards
Sven
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-debug
APT policy: (990, 'testing-debug'), (990, 'testing'), (102, 'unstable-debug'), (102, 'unstable'), (101, 'experimental-debug'), (101, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
More information about the Pkg-nagios-devel
mailing list