1. The user that runs cimervermain is determined as follows. (1) Look for serverUser configuration option on command line. (2) Look for serverUser configuration option in planned configuration file. (3) Use the owner of the cimservermain program (if not root). (4) Use "pegasus" (the default user). 2. All files but the repository are owned by root. The cimservermain process may read any of the root owned files, but it must ask the executor to modify them. 3. The executor gives ownership of the repository to the server user upon startup. 4. Executor checks whether Pegasus repository exists and errors out if not. 5. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket). 6. For logging purposes, the executor uses "cimexecutor" as its syslog identifier. 7. Setting up PAM authentiction (non-standalone). First compile with PEGASUS_PAM_AUTHENTICATION. Next install the PAM configuration file. % cd $PEGASUS_ROOT % cp rpm/wbem /etc/pam.d % chmod 0644 /etc/pam.d/wbem 8. To build for standalone PAM authentication, compile with these: PEGASUS_PAM_AUTHENTICATION PEGASUS_USE_PAM_STANDALONE_PROC 9. To run cimserver to use PAM, use these configuration parameters. enableAuthentication=true 10. To build SSL support, compile with these. OPENSSL_HOME=/usr PEGASUS_HAS_SSL=true 11. To run cimerver to use SSL, use these configuration parameters. enableHttpsConnection=true enableAuthentication=true sslClientVerificationMode=optional sslTrustStoreUserName=root 12. To add a user to cimserver.passwd, use the following format (the given user must be a real system user). jsmith:AB5bZ.JX9fQzA Use the following program to generate the password (at least on Linux). #define _XOPEN_SOURCE #include #include int main() { printf("%s\n", crypt("changeme", "AB")); return 0; } Compile and link the program as follows. % gcc -o mkpasswd mkpasswd.cpp -lcrypt 13. The KerberosAuthenticationHandler.h and all Kerberos authentication logic is not part of the Pegasus repository.