Nagios Support Forum

Hi,

I’ve tried access the URL directly using the backend ticket from the Backend API URL component. It seems that I can see all the hosts/ services regardless of what had been authorized for the specific user.

For eg: I have used the backend login hash for a user called “test” that has been authorized to view certain services. But when I browse to the following URL, I could see all the host/serivces
https://<nagios-host>/nagiosxi/includes/components/xicore/status.php?show=services?username=test&ticket=gdddlq

Thanks

Had you logged out of the administrator account prior to using this URL to access the test user? I was not able to recreate this here unless I was still logged into the administrator's account.

Yes I've logged in before as an admin acct. Once I logged out, and browse again to the URL, I've got " Your session has timed out" error

Thanks

The problem is in the URL, you have two question marks, so the credentials are being ignored.

https://<nagios-host>/nagiosxi/includes/components/xicore/status.php?show=services?username=test&ticket=gdddlq

I've tried again after replacing 2nd "?" with "&", still getting the same error.
https://<nagios-host>/nagiosxi/includes/components/xicore/status.php?show=services&username=test&ticket=gdddlq
Do users need to have certain privileges to execute those phps?

Thanks

Same results on my machine. I don't think that page is setup to currently accept a backend ticket. It the auto-login feature a possibility for your scenario?

[EDIT]: From looking into this further, this is actually a result of some code we recently added. I'll post a patch shortly that you can add that will be in the 1.2 release that will allow this login method to work. (1.1 is posting this morning, so it won't be until the next release).

Patch to make the inline login work (this will be in the 1.2 release):

Edit: /usr/local/nagiosxi/html/includes/utils.inc.php

Change line 108 from: To:

after code change, it worked. Thanks so much