1. The user that runs cimervermain is determined as follows. (1) Look for serverUser configuration option on command line. (2) Look for serverUser configuration option in planned configuration file. (3) Use the owner of the cimservermain program (if not root). (4) Use "pegasus" (the default user). 2. All files but the repository are owned by root. The cimservermain process may read any of the root owned files, but it must ask the executor to modify the file system. 3. Cimservermain must own the repository and all files beneath. The executor automatically sets ownership for these files upon startup. 4. Provider agent is run as root, whenever the same user as server is requested. 5. Executor checks whether Pegasus repository exists and errors out if not. 7. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket). 8. For logging purposes, the executor uses "cimexecutor" as its syslog identifier. 9. Setting up PAM authentiction (non-standalone). First compile with PEGASUS_PAM_AUTHENTICATION. Next install the PAM configuration file. % cd $PEGASUS_ROOT % cp rpm/wbem /etc/pam.d % chmod 0644 /etc/pam.d/wbem 10. Setting up standalone PAM authentication. Compile with PEGASUS_PAM_AUTHENTICATION and PEGASUS_USE_PAM_STANDALONE_PROC. 11. Running the SSL tests. Run server like this: % cimserver enableHttpsConnection=true enableAuthentication=true sslClientVerificationMode=optional sslTrustStoreUserName=root Run test like this: % make -f TestMakefile run_SSL_TS1 % chown pegasus.pegasus /opt/pegasus/cimserver_trust % chown pegasus.pegasus /opt/pegasus/crl 12. Interesting functions. SSL_CTX_use_PrivateKey_file() EVP_PKEY *PEM_read_PrivateKey( FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);