14 Configurazione di Kerberos con Zabbix
Overview
Kerberos authentication can be used in web monitoring and HTTP items in Zabbix since version 4.4.0.
This section describes an example of configuring Kerberos with Zabbix
server to perform web monitoring of www.example.com with user
'zabbix'.
Passi
Passo 1
Installa il pacchetto Kerberos.
Per Debian/Ubuntu:
apt install krb5-userPer REL:
yum install krb5-workstationPasso 2
Configurare il file di configurazione Kerberos (vedere la documentazione MIT per i dettagli)
cat /etc/krb5.conf
[libdefault]
default_realm = EXAMPLE.COM
# The following krb5.conf variables are only for MIT Kerberos.
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
EXAMPLE.COM = {
}
[domain_realm]
.example.com=EXAMPLE.COM
example.com=EXAMPLE.COM
Step 3
Create a Kerberos ticket for user zabbix. Run the following command as user zabbix:
kinit zabbixIt is important to run the above command as user zabbix. If you run it as root the authentication will not work.
Step 4
Create a web scenario or HTTP agent item with Kerberos authentication type.
Optionally can be tested with the following curl command:
curl -v --negotiate -u : http://example.comNote that for lengthy web monitoring it is necessary to take care of renewing the Kerberos ticket. Default time of ticket expiration is 10h.