'lite' interface

Anything you want added or changed in future versions of ZoneMinder? Post here and there's a chance it will get in! Search to make sure it hasn't already been requested.
Post Reply
gregmac
Posts: 17
Joined: Tue Mar 30, 2004 4:31 pm

'lite' interface

Post by gregmac »

Just setup zoneminder again after a bit of hiatus. I was using it with just a webcam before (and the not-very-great qc-usb drivers) and it actually caught a couple of employees stealing (which we suspected and was the reason for putting it up), but broke when I upgraded the server hardware and the qc-usb drivers wouldn't load. Now I'm up again with a netcam, and have a bt878 board and some cameras on the way.

Anyways. As I was playing around with it, I was thinking it would be very nice to have a secondary interface that's a "view-only" type thing, with no authentication. This could be used to allow people to view the cameras but not modify anything. I realize that a 'guest' login would work as well, but this would just be simpler, not require any login, and totally remove elements of the interface that aren't needed (edit buttons, etc). (actually looks like this is pretty much answered: http://www.zoneminder.com/forums/viewto ... highlight= )


The other request I have for authentication is to allow http authentication. Users could still be configured in ZM, but basically instead of ZM prompting for a user/pass in HTML, it would just take any user passed to it via HTTP (if any) and use that as the user.

The reason for this is to basically allow external authentication- I auth a lot of my web apps against my LDAP directory using apache's mod_auth_ldap. This lets people login using their network username and password, and I can do things in apache like "require group security", which lets me restrict users based on their LDAP group membership. The benefit is that if they change their password on the network, it's instantly updated on all the web applications as well, they don't need to change it in every other application as well. This could of course be an optional mode, because not everyone wants to go through the overhead of configuring apache to use mod_auth_ldap or mod_auth_mysql or .htpasswd files or whatever.


While I'm making outlandish requests ;) , maybe the last thing would be to turn off the auto-resizing on the main console-- it's so irritating to use in a browser like firefox, where I have a bunch of other tabs open, it keeps resizing the whole window, even if it's not the active tab. It scales fine to any window size, so I'm not sure what the point of resizing it is.

Otherwise keep up the great work. If I get a chance, I'll look at implementing some of these (provided they're not done and/or no one else is working on them) when I get time. (What's the process for submitting patches
Top
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:
Contact zoneminder

Post by zoneminder »

There are some good suggestions here.

Just to take them in reverse order though, in recent versions of ZM you can stop the window resizing by unchecking Options->Web->ZM_WEB_RESIZE_CONSOLE which should do what you want.

I'm also interested in the http auth. Do you mean that the username and password from ZM would be passed through as an auth string to be verified by the server, in other words every request would have these headers. Or do you mean that the login etc would be handled by a browser basic auth dialog and ZM would just use ZM_REMOTE_USER as the usernamer and assume they are already authenticated?

Cheers

Phil
Top
gregmac
Posts: 17
Joined: Tue Mar 30, 2004 4:31 pm

Post by gregmac »

Ah, didn't see that option in there, thanks.

Yes, basically, ZM wouldn't do any authentication on its own (ie, ZM would never see the password at all). If it sees a username in $_SERVER["PHP_AUTH_USER"], it just assumes that the user is authenticated.

As an example, I have mod_auth_pam installed (sorry, thought I was using auth_ldap but apparently I'm just doing it via PAM). In my apache config for that site, I have:

<Directory "/home/apache/its.domain.com/security">
AuthType basic
AuthName "zoneminder"
require group security
</Directory>

This makes a password dialog popup and authenticates it against my PAM configuration for apache. Apache won't let it past unless it does authenticate.

At that point, ZM can load up the username that gets passed, and act as if that person logged in. A nice addition would be to have a default user, which it would use if it couldn't find an actual account -- this would just mean you could allow a large group of users basic access without having to make specific accounts for them.
Top
User avatar
zoneminder
Site Admin
Posts: 5215
Joined: Wed Jul 09, 2003 2:07 pm
Location: Bristol, UK
Contact:
Contact zoneminder

Post by zoneminder »

Ok. I see now. This shouldn't be too hard and I've added it to the pending enhancements list.

Phil
Top
Post Reply

Return to “Feature Requests”