version 1.4, 2004/03/10 17:52:07
|
version 1.5, 2004/03/10 19:24:13
|
|
|
<a href="#Commands">Commands</a> | <a href="#Commands">Commands</a> |
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
<a href="#Creating SSL certifications">Creating SSL certifications</a>. |
<a href="#Creating SSL certifications">Creating SSL certifications</a> |
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
<a href="#Configuring SSL">Configuring Pegasus to use SSL</a>. |
<a href="#Configuring SSL">Configuring Pegasus to use SSL</a> |
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
<a href="#Configuring PAM">Configuring Pegasus to use PAM</a>. |
<a href="#Configuring PAM">Configuring Pegasus to use PAM</a> |
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
<a href="#Testing with ICU enabled">Testing with ICU enabled </a> | <a href="#Testing with ICU enabled">Testing with ICU enabled </a> |
|
|
before embarking on this endeavour.<br><br> | before embarking on this endeavour.<br><br> |
| |
To configure Pegasus to take advantage of SSL, configure | To configure Pegasus to take advantage of SSL, configure |
cimserver_planned.conf to have: |
CIMServer to have the following configuration options set to: |
<blockquote><pre> | <blockquote><pre> |
sslTrustFilePath=client.pem | sslTrustFilePath=client.pem |
sslCertificateFilePath=server.pem | sslCertificateFilePath=server.pem |
|
|
httpsPort=5989 | httpsPort=5989 |
enableHttpsConnection=true | enableHttpsConnection=true |
</pre></blockquote> | </pre></blockquote> |
|
using the <b>cimconfig</b> utility: |
|
<blockquote><pre> |
|
cimconfig -p -s enableHttpsConnection=true |
|
</pre></blockquote><br> |
(The client.pem and server.pem are the certifications | (The client.pem and server.pem are the certifications |
files created per the steps in the earlier section). | files created per the steps in the earlier section). |
| |
For good riddance you might consider closing down | For good riddance you might consider closing down |
the cleartext 5988 port. Modify your cimserver_planned.conf |
the cleartext 5988 port. Modify your CIMServer configuration |
to include: | to include: |
<blockquote><pre> | <blockquote><pre> |
enableHttpConnection=false | enableHttpConnection=false |
</pre></blockquote> | </pre></blockquote> |
|
using <b>cimconfig</b>. |
<h1><a name="Configuring PAM">Configuring Pegasus to use PAM</a></h1><p> | <h1><a name="Configuring PAM">Configuring Pegasus to use PAM</a></h1><p> |
| |
In order to use PAM Authentication you have to compile Pegasus | In order to use PAM Authentication you have to compile Pegasus |
|
|
This notifies PAM what kind of libraries to use when authenticating | This notifies PAM what kind of libraries to use when authenticating |
Pegasus.</uL> | Pegasus.</uL> |
<ul> | <ul> |
b). Edit cimserver_planned.conf to include: |
b). Modify CIMServer configuration options: |
<blockquote><pre> | <blockquote><pre> |
usePAMAuthentication=true | usePAMAuthentication=true |
enableAuthentication=true | enableAuthentication=true |
|
|
<blockquote><pre> | <blockquote><pre> |
enableRemotePrivilegedUserAccess=true | enableRemotePrivilegedUserAccess=true |
</blockquote></pre> | </blockquote></pre> |
|
|
|
using the <b>cimconfig</b> utility, such as: |
|
<blockquote><pre> |
|
cimconfig -p -s usePAMAuthentication=true |
|
</pre></blockquote> |
</ul> | </ul> |
</ul> | </ul> |
The user is authenticated using HTTP Basic method, thererfore it is | The user is authenticated using HTTP Basic method, thererfore it is |