CoNext-Computer / CoNext-bot

Script for automatic inventory, wiping and testing of a computer [GLPI-Agent] [Debian]
GNU Affero General Public License v3.0
2 stars 2 forks

Securing the inventory #11

Open AntoninGP opened 1 year ago

AntoninGP commented 1 year ago

The user/password pair for the Apache server should be complemented with certificate management, in order to secure the upload of inventories to the server.

user

_Specifies the user to use for HTTP authentication on the server._

password

_Specifies the password to use for HTTP authentication on the server._

ca-cert-dir

_Specifies the directory containing indexed Certification Authority (CA) certificates._

_This directory must contain the certificate files corresponding to different certificate authorities in Privacy Enhanced Mail (PEM) format. The file name of each certificate file must match the hash value of the certificate's subject field and use the .0 extension._

_You can obtain the hash value of the certificate's subject field and copy the CA.crt certificate to the expected place following this snippet:_

```
$ CA_CERT_DIR=/etc/glpi-agent/ca-cert-dir
$ openssl x509 -in CA.crt -subject_hash -noout
b760f1ce
$ cp -a CA.crt $CA_CERT_DIR/b760f1ce.0
```

ca-cert-file

_Specifies the file containing aggregated Certification Authority (CA) certificates._

ssl-cert-file

_Specifies the file containing SSL client certificate to use when connecting to server target or for WinRM remote inventory._

ssl-fingerprint (Available since GLPI Agent v1.3)

_Specifies the fingerprint of the SSL server certificate to trust._

_The fingerprint to use can be retrieved in the agent log by temporarily enabling the no-ssl-check option._
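
The hashed-directory layout described for ca-cert-dir above, as an added example that is not part of the original issue or of the GLPI Agent documentation. It goes beyond the quoted snippet by refusing non-PEM input, skipping a certificate that is already installed, and taking the next free suffix (.1, .2, ...) when a different CA has the same subject hash; `install_ca_cert` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: install a PEM CA certificate into an OpenSSL-style hashed
# directory such as the one ca-cert-dir points to.
# install_ca_cert is a hypothetical helper, not a GLPI Agent command.
# Usage: install_ca_cert CA.crt /etc/glpi-agent/ca-cert-dir

install_ca_cert() {
    cert=$1
    dir=$2

    # Refuse anything that does not parse as a PEM X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || {
        echo "not a PEM certificate: $cert" >&2
        return 1
    }

    hash=$(openssl x509 -in "$cert" -noout -subject_hash) || return 1
    fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256) || return 1

    mkdir -p "$dir" || return 1

    # Two different CAs can share a subject hash (for example a renewed CA
    # that keeps its subject), so use the first free suffix: <hash>.0, <hash>.1, ...
    n=0
    while [ -e "$dir/$hash.$n" ]; do
        existing=$(openssl x509 -in "$dir/$hash.$n" -noout -fingerprint -sha256 2>/dev/null) || existing=""
        if [ "$existing" = "$fp" ]; then
            # Same certificate is already installed: nothing to do.
            echo "$dir/$hash.$n"
            return 0
        fi
        n=$((n + 1))
    done

    cp -p "$cert" "$dir/$hash.$n" || return 1
    chmod 644 "$dir/$hash.$n"
    echo "$dir/$hash.$n"
}
```

The function prints the path of the installed file, so the result can be checked with `openssl verify -CApath` against the same directory.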

AntoninGP commented 9 months ago

Warning: with authentication via AUTHBASIC, it is impossible to display a page on the GLPI front end that calls the inventory plugin; resolution -> https://forum.glpi-project.org/viewtopic.php?id=158461

AntoninGP commented 9 months ago

Warning: with authentication via AUTHBASIC, it is impossible to display a page on the GLPI front end that calls the inventory plugin; resolution -> https://forum.glpi-project.org/viewtopic.php?id=158461

Solution: combination of AUTHBASIC and USERAGENT filtering