|
version 1.2, 2003/11/19 23:40:02
|
version 1.2.8.3, 2004/03/10 20:20:23
|
|
|
|
| <p style="margin-top: 0; margin-bottom: 0"><b>PEP #:</b> 103</p> | <p style="margin-top: 0; margin-bottom: 0"><b>PEP #:</b> 103</p> |
| <p style="margin-top: 0; margin-bottom: 0"><b>Title: </b>OpenPegasus Version 2.3 | <p style="margin-top: 0; margin-bottom: 0"><b>Title: </b>OpenPegasus Version 2.3 |
| Release Readme file</p> | Release Readme file</p> |
| <p style="margin-top: 0; margin-bottom: 0"><b>Version: </b>1.0</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Version: </b>1.1</p> |
| <p style="margin-top: 0; margin-bottom: 0"><b>Created:</b> 12 November 2003</p> | <p style="margin-top: 0; margin-bottom: 0"><b>Created:</b> 12 November 2003</p> |
| <p style="margin-top: 0; margin-bottom: 0"><b>Authors: </b>Karl Schopmeyer</p> |
<p style="margin-top: 0; margin-bottom: 0"><b>Authors: </b>Karl Schopmeyer, Konrad Rzeszutek</p> |
| <p style="margin-top: 0; margin-bottom: 0"><b>Status: </b>draft</p> | <p style="margin-top: 0; margin-bottom: 0"><b>Status: </b>draft</p> |
| <p style="margin-top: 0; margin-bottom: 0"><b>Version History:</b></p> | <p style="margin-top: 0; margin-bottom: 0"><b>Version History:</b></p> |
| <table border="1" cellspacing="1" bordercolordark="#666666" | <table border="1" cellspacing="1" bordercolordark="#666666" |
|
|
|
| <td>Update from 2.2 Release notes. Converted to HTML</td> | <td>Update from 2.2 Release notes. Converted to HTML</td> |
| </tr> | </tr> |
| <tr> | <tr> |
| |
<td align="center">1.1</td> |
| |
<td align="center">March 10 2004</td> |
| |
<td align="center">Konrad Rzeszutek</td> |
| |
<td>Added sections describing SSL and PAM configuration</td> |
| |
</tr> |
| |
<tr> |
| <td align="center"> </td> | <td align="center"> </td> |
| <td align="center"> </td> | <td align="center"> </td> |
| <td align="center"> </td> | <td align="center"> </td> |
|
|
|
| <a href="#Commands">Commands</a> | <a href="#Commands">Commands</a> |
| | |
| <p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
| <a href="#Creating SSL certifications">Creating SSL certifications</a>. |
<a href="#Creating SSL certifications">Creating SSL certifications</a> |
| |
|
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> |
| |
<a href="#Configuring SSL">Configuring Pegasus to use SSL</a> |
| |
|
| |
<p align="left" style="margin-top: 0; margin-bottom: 0"> |
| |
<a href="#Configuring PAM">Configuring Pegasus to use PAM</a> |
| | |
| <p align="left" style="margin-top: 0; margin-bottom: 0"> | <p align="left" style="margin-top: 0; margin-bottom: 0"> |
| <a href="#Testing with ICU enabled">Testing with ICU enabled </a> | <a href="#Testing with ICU enabled">Testing with ICU enabled </a> |
|
|
|
| bin/tomof CIM_Config (extract CIM_Config from repository and present it in MOF type) | bin/tomof CIM_Config (extract CIM_Config from repository and present it in MOF type) |
| </pre> | </pre> |
| </blockquote><h1><a name="Creating SSL certifications">Creating SSL certifications </a></h1><p> | </blockquote><h1><a name="Creating SSL certifications">Creating SSL certifications </a></h1><p> |
| Type these commands in your shell to create the SSL certifications. The PEGASUS_ROOT and PEGASUS_HOME have to be set to your respective installation and source |
Please follow section <a href="#Notes about Building Pegasus with SSL">Notes on building Pegasus with SSL</a> before embarking on this endeavour. |
| directory. <blockquote><pre>CN="Common Name" |
<br><br> |
| |
Type these commands in your shell to create the SSL certifications. The PEGASUS_ROOT |
| |
and PEGASUS_HOME have to be set to your respective installation and source directory. |
| |
|
| |
<blockquote><pre>CN="Common Name" |
| EMAIL="test@email.address" | EMAIL="test@email.address" |
| HOSTNAME=`uname -n` | HOSTNAME=`uname -n` |
| sed -e "s/$CN/$HOSTNAME/" \ | sed -e "s/$CN/$HOSTNAME/" \ |
|
|
|
| cat $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem > $PEGASUS_HOME/server.pem | cat $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem > $PEGASUS_HOME/server.pem |
| rm $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem | rm $PEGASUS_HOME/key.pem $PEGASUS_HOME/cert.pem |
| cp $PEGASUS_HOME/cert.pem $PEGASUS_HOME/client.pem | cp $PEGASUS_HOME/cert.pem $PEGASUS_HOME/client.pem |
| </pre></blockquote><h1><a name="Testing with ICU enabled">Testing with ICU enabled</a></h1><p> |
|
| |
</pre></blockquote> |
| |
<h1><a name="Configuring SSL">Configuring Pegasus to use SSL</a></h1><p> |
| |
|
| |
Please follow section <a href="#Notes about Building Pegasus with SSL">Notes on building Pegasus with SSL</a> and <a href="#Creating SSL certifications">Creating SSL certifications</a> |
| |
before embarking on this endeavour.<br><br> |
| |
|
| |
To configure Pegasus to take advantage of SSL, configure |
| |
CIMServer to have the following configuration options set to: |
| |
<blockquote><pre> |
| |
sslTrustFilePath=client.pem |
| |
sslCertificateFilePath=server.pem |
| |
sslKeyFilePath=file.pem |
| |
httpsPort=5989 |
| |
enableHttpsConnection=true |
| |
</pre></blockquote> |
| |
using the <b>cimconfig</b> utility: |
| |
<blockquote><pre> |
| |
cimconfig -p -s enableHttpsConnection=true |
| |
</pre></blockquote><br> |
| |
(The client.pem and server.pem are the certifications |
| |
files created per the steps in the earlier section). |
| |
|
| |
For good riddance you might consider closing down |
| |
the cleartext 5988 port. Modify your CIMServer configuration |
| |
to include: |
| |
<blockquote><pre> |
| |
enableHttpConnection=false |
| |
</pre></blockquote> |
| |
using <b>cimconfig</b>. |
| |
<h1><a name="Configuring PAM">Configuring Pegasus to use PAM</a></h1><p> |
| |
|
| |
In order to use PAM Authentication you have to compile Pegasus |
| |
with one extra enviroment flags: |
| |
<blockquote><pre> |
| |
PEGASUS_PAM_AUTHENTICATION=1 |
| |
</blockquote></pre> |
| |
You can also set the PEGASUS_ALWAYS_USE_PAM=1 flag to disable |
| |
Pegasus password authentication using a flag text-file (recommended). |
| |
<br> |
| |
After compiling (refer to section <a href="#Building Pegasus">Building Pegasus </a> |
| |
for details), follow these two important steps: |
| |
<br> |
| |
<ul> |
| |
<ul>a). Copy the rpm/wbem file in-to /etc/pam.d directory. |
| |
This notifies PAM what kind of libraries to use when authenticating |
| |
Pegasus.</uL> |
| |
<ul> |
| |
b). Modify CIMServer configuration options: |
| |
<blockquote><pre> |
| |
usePAMAuthentication=true |
| |
enableAuthentication=true |
| |
</blockquote></pre> |
| |
And if you want to allow 'root' to login (*not recommended*) |
| |
|
| |
<blockquote><pre> |
| |
enableRemotePrivilegedUserAccess=true |
| |
</blockquote></pre> |
| |
|
| |
using the <b>cimconfig</b> utility, such as: |
| |
<blockquote><pre> |
| |
cimconfig -p -s usePAMAuthentication=true |
| |
</pre></blockquote> |
| |
</ul> |
| |
</ul> |
| |
The user is authenticated using HTTP Basic method, thererfore it is |
| |
strongly suggested you use SSL connection instead of normal HTTP connection. |
| |
Refer to section |
| |
<a href="#Configuring SSL">Configuring Pegasus to use SSL</a> for more details on creating and using SSL keys. |
| |
</p> |
| |
<h1><a name="Testing with ICU enabled">Testing with ICU enabled</a></h1><p> |
| ICU (International Components for Unicode) refers to the set of libraries that | ICU (International Components for Unicode) refers to the set of libraries that |
| Pegasus uses to run globalized. For example: these libraries are used to | Pegasus uses to run globalized. For example: these libraries are used to |
| load messages in different languages, format currency and numbers according to | load messages in different languages, format currency and numbers according to |
Return to
readme.html
CVS log
Up to [Pegasus] / pegasus / Attic