Type: Change Request
Affects Version/s: None
Component/s: Frontend (F)
Sprint:Sprint 35, Sprint 36, Sprint 37, Sprint 38, Sprint 39, Sprint 40, Sprint 41, Sprint 42, Sprint 43
When Apache Auth directives are configured for all Zabbix frontend pages:
- As a Zabbix user, after migration from Zabbix 3.X with HTTP enabled, I want it still be impossible to login using Internal/LDAP password without signing in with Apache first.
When Apache Auth directives are configured only to login_http.php page:
- As a Zabbix user, I can login with HTTP(using Kerberos or others types) or using Internal/LDAP passwords
- As a Zabbix admin, I can choose whether to redirect unauthorized users to HTTP login or Zabbix login form
- If HTTP auth is enabled:
- Any zabbix users, regardless of their user groups, can sign in with HTTP auth if their alias match
- It's still must be possible to sign in using standard zabbix login page using Internal or LDAP passwordif web server is setup accordingly)
- HTTP auth and standard zabbix login pages must have separate URLs directly accessible.
- If HTTP auth is globally disabled, then HTTP auth page must redirect to Internal auth page
- It must be possible to remove domain part of the username received from web server. i.e. [email protected] becomes just username