Is there a way to authenticate inventory submissions to the GLPI server? #945
presotto-m
started this conversation in
General
Replies: 1 comment
-
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Your question
Hello,
While using the GLPI Agent, I noticed that it's possible to send inventory data to the GLPI server without any kind of authentication or token. For example, if someone sends a valid inventory XML or JSON payload to the GLPI endpoint, the server will accept it and process it, even if the source is unknown or unauthorized.
This raises a few concerns:
Is there a way to require authentication (such as a token, key, or credentials) before accepting inventory submissions?
If not, is there any plan to implement such authentication mechanisms to avoid unauthorized agents injecting data into the GLPI inventory?
Are there workarounds or best practices to restrict which hosts can send inventory data (e.g. by IP filtering, agent keys, etc.)?
Thank you for your work and support!
Beta Was this translation helpful? Give feedback.
All reactions