version 1.18, 2004/03/10 17:52:07
|
version 1.19, 2004/03/10 19:24:13
|
|
|
Please follow section 11 and 16 before reading this section. | Please follow section 11 and 16 before reading this section. |
| |
To configure Pegasus to take advantage of SSL, configure | To configure Pegasus to take advantage of SSL, configure |
cimserver_planned.conf to have: |
CIMserver to have the following configuration options set to: |
| |
sslTrustFilePath=client.pem | sslTrustFilePath=client.pem |
sslCertificateFilePath=server.pem | sslCertificateFilePath=server.pem |
|
|
httpsPort=5989 | httpsPort=5989 |
enableHttpsConnection=true | enableHttpsConnection=true |
| |
|
using the 'cimconfig' utility: |
|
|
|
cimconfig -p -s enableHttpsConnection=true |
|
|
(The client.pem and server.pem are the certifications | (The client.pem and server.pem are the certifications |
files created per the steps in the earlier section). | files created per the steps in the earlier section). |
| |
For good riddance you might consider closing down | For good riddance you might consider closing down |
the cleartext 5988 port. Modify your cimserver_planned.conf |
the cleartext 5988 port. Modify your CIMserver to |
to include: |
(using 'cimconfig') to have the option: |
| |
enableHttpConnection=false | enableHttpConnection=false |
| |
|
|
a). Copy the rpm/wbem file in-to /etc/pam.d directory. | a). Copy the rpm/wbem file in-to /etc/pam.d directory. |
This notifies PAM what kind of libraries to use when authenticating | This notifies PAM what kind of libraries to use when authenticating |
Pegasus. | Pegasus. |
b). Edit cimserver_planned.conf to include: |
b). Modify CIMserver configuration options: |
| |
usePAMAuthentication=true | usePAMAuthentication=true |
enableAuthentication=true | enableAuthentication=true |
|
|
And if you want to allow 'root' (*not recommended*) | And if you want to allow 'root' (*not recommended*) |
enableRemotePrivilegedUserAccess=true | enableRemotePrivilegedUserAccess=true |
| |
|
using the 'cimconfig' operation, such as: |
|
|
|
cimconfig -p -s usePAMAuthentication=true |
|
|
The user is authenticated using HTTP Basic method, thererfore it is | The user is authenticated using HTTP Basic method, thererfore it is |
strongly suggested you use SSL connection instead of normal HTTP connection. | strongly suggested you use SSL connection instead of normal HTTP connection. |
Refer to section 16 for more details on creating and using SSL keys. | Refer to section 16 for more details on creating and using SSL keys. |