Werk #1069

ComponentGUI
TitleReplaced insecure auth.secret mechanism
Date2014-11-12 14:08:57
Check_MK Version1.2.6b1
Level2 - Prominent Change
ClassSecurity Fix
CompatibilityIncompatible - Manual interaction might be required

We replaced a insecure mechanism of generating the auth.secret whichis used during construction of the authentication cookies when a userlogs into the Check_MK Web GUI to make the authentication cookie onlyvalid for an individual site or a group of sites connected in adistributed setup.

What you have to know about:

When the first user accesses the Web GUI after the update to this version,all currently valid auth cookies of all users will be invalidated. As aresult all users will need to login again.

In distributed setups you will also need to do a replication from themaster site (which generated a new secret) to all slave sites (whichgenerated another secret themselfs). The replication will synchronizethe new secret of the master to all slaves which should make thetransparent authentication between all sites work again.

To the list of all Werks



 

Navigation:

Check_MK
Die Check_MK Editionen
Das Check_MK Monitoring-System
Bildschirmfotos
Screencasts
Demo-Server
Erfolgsgeschichten und Meinungen
Download
Anwender-Handbuch
FAQ - Check_MK
Mailinglisten
Änderungshistorie (Werks)
Katalog der Checkplugins
Bekannte Fehler & Feedback
Öffentliches GIT-Archiv
Exchange
Subskription & Support
FAQ - Subskription & Support
Ihre Vertragsdaten
Die Check_MK Appliance
FAQ - Check_MK Appliance
Appliance Downloads
Änderungshistorie (Werks - Appliance)
Frühere Dokumentation (nicht mehr gepflegt)