-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Vegard Vesterheim wrote:
I would like for NAV to *not do authentication at all*, but instead rely on 'higher powers' (in my case: Apache) to do this. In principle this would imply skipping the local authentication handling in NAV altogether. Apache does the authentication part, and NAV picks up the authenticated username and just does the authorization.
Although this type of authentication is not built in to NAV today, Bj?rn Ove has identified where to do it; follow the trail from subsystem/webFront/lib/nav/web/__init__.py in function headerparserhandler, which invokes the authentication module of NAV. Although the authentication bits aren't very modular today, they can easily be rewritten to take authentication tokens from the URL or from Apache headers.
Well, a kind of fallback mechanism with a local userdatabase in NAV could be useful. For instance if the central login-service is unavailable, a local emergency fallback could be helpful.
This is the reason why NAV performs the authentication step today, either through LDAP or locally. If it didn't, and the LDAP server (or another type of external authentication server) is unreachable, you will be unable to use NAV to debug the network problem, as you can't log in. If the Apache mechanism provides the fallback itself, that would be OK as well.
As a sidenote, regardless of whether NAV performs authentication against the local NAVdb or the remote LDAP, an entry for the user that logs in must be placed in the NAVdb. This entry is used to store user preferences and NAV authorization information. If you do create a third authentication method, you must also make sure to create NAVdb entries for new users that are authenticated through the external system.
- -- Morten Vold NTNU ITEA Integrasjonsgruppen
From Vidar.Faltinsen at uninett.no Mon Mar 7 13:38:07 2005
From: Vidar.Faltinsen at uninett.no (Vidar Faltinsen) Date: Mon Mar 7 13:38:24 2005 Subject: [Nav-users] brake-up Advanced Search web-page In-Reply-To: s2283141.016@HVO-3.hivolda.no References: s2283141.016@HVO-3.hivolda.no Message-ID: Pine.LNX.4.61.0503071331070.32236@valentin.uninett.no
On Fri, 4 Mar 2005, Peder Magne Sefland wrote:
We have put description on many of our swichports, and we want to search on portname.
The only way to do this (so fare I can see) is to go to Home > Report
Switchports and then click on the Advance Search.
But on this page you'll have to scrool sideways pretty long before you find the portname-field
I consider this a bug in the report system, where the advanced page looks very messy in variuos browsers and make it hard to use. Probably an easy fix... Morten?
The best thing would be a field-search in the /report -page
Something like this maybe
Reports
IP Device Center Room search Device search Switchports w/vlan Portname
This is also a good idea. Searching for portnames is an often used feature!
Be aware however that NAV is competing with itself in this matter; another tool, Network Exlorer gives you the ability to search for portnames. Maybe this will be of help?
- Vidar