version 1.2, 2003/11/19 23:40:02
|
version 1.5, 2004/03/10 19:24:13
|
|
|
<p style="margin-top: 0; margin-bottom: 0"><b>PEP #:</b> 103</p> | <p style="margin-top: 0; margin-bottom: 0"><b>PEP #:</b> 103</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Title: </b>OpenPegasus Version 2.3 | <p style="margin-top: 0; margin-bottom: 0"><b>Title: </b>OpenPegasus Version 2.3 |
Release Readme file</p> | Release Readme file</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Version: </b>1.0</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Version: </b>1.1</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Created:</b> 12 November 2003</p> | <p style="margin-top: 0; margin-bottom: 0"><b>Created:</b> 12 November 2003</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Authors: </b>Karl Schopmeyer</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Authors: </b>Karl Schopmeyer, Konrad Rzeszutek</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Status: </b>draft</p> | <p style="margin-top: 0; margin-bottom: 0"><b>Status: </b>draft</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Version History:</b></p> | <p style="margin-top: 0; margin-bottom: 0"><b>Version History:</b></p> |
<table border="1" cellspacing="1" bordercolordark="#666666" | <table border="1" cellspacing="1" bordercolordark="#666666" |
|
|
<td>Update from 2.2 Release notes. Converted to HTML</td> | <td>Update from 2.2 Release notes. Converted to HTML</td> |
</tr> | </tr> |
<tr> | <tr> |
|
<td align="center">1.1</td> |
|
<td align="center">March 10 2004</td> |
|
<td align="center">Konrad Rzeszutek</td> |
|
<td>Added sections describing SSL and PAM configuration</td> |
|
</tr> |
|
<tr> |
<td align="center"> </td> | <td align="center"> </td> |
<td align="center"> </td> | <td align="center"> </td> |
<td align="center"> </td> | <td align="center"> </td> |
|
|
<a href="#Commands">Commands</a> | <a href="#Commands">Commands</a> |
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
<a href="#Creating SSL certifications">Creating SSL certifications</a>. |
<a href="#Creating SSL certifications">Creating SSL certifications</a> |
|
|
|
<p align="left" style="margin-top: 0; margin-bottom: 0"> |
|
<a href="#Configuring SSL">Configuring Pegasus to use SSL</a> |
|
|
|
<p align="left" style="margin-top: 0; margin-bottom: 0"> |
|
<a href="#Configuring PAM">Configuring Pegasus to use PAM</a> |
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
<a href="#Testing with ICU enabled">Testing with ICU enabled </a> | <a href="#Testing with ICU enabled">Testing with ICU enabled </a> |
|
|
bin/tomof CIM_Config (extract CIM_Config from repository and present it in MOF type) | bin/tomof CIM_Config (extract CIM_Config from repository and present it in MOF type) |
</pre> | </pre> |
</blockquote><h1><a name="Creating SSL certifications">Creating SSL certifications </a></h1><p> | </blockquote><h1><a name="Creating SSL certifications">Creating SSL certifications </a></h1><p> |
Type these commands in your shell to create the SSL certifications. The PEGASUS_ROOT and PEGASUS_HOME have to be set to your respective installation and source |
Please follow section <a href="#Notes about Building Pegasus with SSL">Notes on building Pegasus with SSL</a> before embarking on this endeavour. |
directory. <blockquote><pre>CN="Common Name" |
<br><br> |
|
Type these commands in your shell to create the SSL certifications. The PEGASUS_ROOT |
|
and PEGASUS_HOME have to be set to your respective installation and source directory. |
|
|
|
<blockquote><pre>CN="Common Name" |
EMAIL="test@email.address" | EMAIL="test@email.address" |
HOSTNAME=`uname -n` | HOSTNAME=`uname -n` |
sed -e "s/$CN/$HOSTNAME/" \ | sed -e "s/$CN/$HOSTNAME/" \ |
|
|
cat $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem > $PEGASUS_HOME/server.pem | cat $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem > $PEGASUS_HOME/server.pem |
rm $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem | rm $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem |
cp $PEGASUS_HOME/cert.pem $PEGASUS_HOME/client.pem | cp $PEGASUS_HOME/cert.pem $PEGASUS_HOME/client.pem |
</pre></blockquote><h1><a name="Testing with ICU enabled">Testing with ICU enabled</a></h1><p> |
|
|
</pre></blockquote> |
|
<h1><a name="Configuring SSL">Configuring Pegasus to use SSL</a></h1><p> |
|
|
|
Please follow section <a href="#Notes about Building Pegasus with SSL">Notes on building Pegasus with SSL</a> and <a href="#Creating SSL certifications">Creating SSL certifications</a> |
|
before embarking on this endeavour.<br><br> |
|
|
|
To configure Pegasus to take advantage of SSL, configure |
|
CIMServer to have the following configuration options set to: |
|
<blockquote><pre> |
|
sslTrustFilePath=client.pem |
|
sslCertificateFilePath=server.pem |
|
sslKeyFilePath=file.pem |
|
httpsPort=5989 |
|
enableHttpsConnection=true |
|
</pre></blockquote> |
|
using the <b>cimconfig</b> utility: |
|
<blockquote><pre> |
|
cimconfig -p -s enableHttpsConnection=true |
|
</pre></blockquote><br> |
|
(The client.pem and server.pem are the certifications |
|
files created per the steps in the earlier section). |
|
|
|
For good riddance you might consider closing down |
|
the cleartext 5988 port. Modify your CIMServer configuration |
|
to include: |
|
<blockquote><pre> |
|
enableHttpConnection=false |
|
</pre></blockquote> |
|
using <b>cimconfig</b>. |
|
<h1><a name="Configuring PAM">Configuring Pegasus to use PAM</a></h1><p> |
|
|
|
In order to use PAM Authentication you have to compile Pegasus |
|
with one extra enviroment flags: |
|
<blockquote><pre> |
|
PEGASUS_PAM_AUTHENTICATION=1 |
|
</blockquote></pre> |
|
You can also set the PEGASUS_ALWAYS_USE_PAM=1 flag to disable |
|
Pegasus password authentication using a flag text-file (recommended). |
|
<br> |
|
After compiling (refer to section <a href="#Building Pegasus">Building Pegasus </a> |
|
for details), follow these two important steps: |
|
<br> |
|
<ul> |
|
<ul>a). Copy the rpm/wbem file in-to /etc/pam.d directory. |
|
This notifies PAM what kind of libraries to use when authenticating |
|
Pegasus.</uL> |
|
<ul> |
|
b). Modify CIMServer configuration options: |
|
<blockquote><pre> |
|
usePAMAuthentication=true |
|
enableAuthentication=true |
|
</blockquote></pre> |
|
And if you want to allow 'root' to login (*not recommended*) |
|
|
|
<blockquote><pre> |
|
enableRemotePrivilegedUserAccess=true |
|
</blockquote></pre> |
|
|
|
using the <b>cimconfig</b> utility, such as: |
|
<blockquote><pre> |
|
cimconfig -p -s usePAMAuthentication=true |
|
</pre></blockquote> |
|
</ul> |
|
</ul> |
|
The user is authenticated using HTTP Basic method, thererfore it is |
|
strongly suggested you use SSL connection instead of normal HTTP connection. |
|
Refer to section |
|
<a href="#Configuring SSL">Configuring Pegasus to use SSL</a> for more details on creating and using SSL keys. |
|
</p> |
|
<h1><a name="Testing with ICU enabled">Testing with ICU enabled</a></h1><p> |
ICU (International Components for Unicode) refers to the set of libraries that | ICU (International Components for Unicode) refers to the set of libraries that |
Pegasus uses to run globalized. For example: these libraries are used to | Pegasus uses to run globalized. For example: these libraries are used to |
load messages in different languages, format currency and numbers according to | load messages in different languages, format currency and numbers according to |