Date: Wed, 5 Dec 2007 17:20:03 GMT From: "Andrew Daugherity" <adaugherity@tamu.edu> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/118434: [patch] net-mgmt/nrpe2 should enable SSL by default Message-ID: <200712051720.lB5HK3iG047363@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/118434; it has been noted by GNATS. From: "Andrew Daugherity" <adaugherity@tamu.edu> To: "Jarrod Sayers" <jarrod@netleader.com.au> Cc: <bug-followup@FreeBSD.org> Subject: Re: ports/118434: [patch] net-mgmt/nrpe2 should enable SSL by default Date: Wed, 05 Dec 2007 10:55:26 -0600 >>> On 12/5/2007 at 5:24 AM, in message <A7FBA655-758C-4522-957A-FC944FCCB47A@netleader.com.au>, Jarrod Sayers <jarrod@netleader.com.au> wrote: > Andrew, >=20 > The default for net-mgmt/nrpe2 is to be compiled without SSL support. = =20 > This results in both nrpe2 and check_nrpe2 being unable to support SSL = =20 > connections or services, and thus non-SSL becomes the default =20 > connection method. If the port is built with SSL support, nrpe2 =20 > supports only SSL connections but check_nrpe2 supports both with the =20 > default being SSL. You may then use the -n flag from the command line = =20 > to connect to hosts without the SSL binary. My mistake, I thought /usr/local/libexec/nagios/check_nrpe2 was install by = the nagios-plugins port (which nrpe2 depends on, and installs everything = else in /usr/local/libexec/nagios), but I see now it is part of nrpe2. No SSL settings in make.conf, the only thing in there is the two lines = added by use.perl. In our case, check_nrpe2 will be run on our Nagios server (a Linux box), = not this machine, and I installed nrpe2 with 'portinstall -P nrpe2' (using = the campus mirror of packages-6-stable) to monitor things such as load = average, ipmitool sensor output, etc. On the other Linux machines I = installed nrpe (via YaST, apt-get, etc.) and it just worked, but in this = case I had to rebuild the port and tick the SSL option (or else add -n to = the nagios script). It's not a huge problem, but IMO it violates the principle of least = surprise. Is there any reason not to make SSL the default for this port? = Would splitting into nrpe2{,-nossl} (or nrpe2{,-ssl}) ports (or at least = pkg builds) be a better solution? On both 5.5 and 6.2, nrpe2 links = against the system libssl so there aren't any additional ports dependencies= . Thanks, Andrew Daugherity
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200712051720.lB5HK3iG047363>