version 1.16.2.3, 2004/03/10 20:20:23
|
version 1.17, 2004/03/09 21:38:27
|
|
|
Tagline: OpenPegasus is an object manager for DMTF CIM objects written in C++ | Tagline: OpenPegasus is an object manager for DMTF CIM objects written in C++ |
and supported by The Open Group | and supported by The Open Group |
| |
STATUS: Revised March 10 to match Pegasus release 2.3 |
STATUS: Revised October 2003 to match Pegasus release 2.3 |
| |
NOTE: Obsolete. See readme.html | NOTE: Obsolete. See readme.html |
Contents: | Contents: |
|
|
15. Commands | 15. Commands |
16. Creating SSL certifications. | 16. Creating SSL certifications. |
17. Configuring Pegasus to use SSL | 17. Configuring Pegasus to use SSL |
18. Configuring Pegasus to use PAM |
18. Testing with ICU enabled |
19. Testing with ICU enabled |
19. Documentation |
20. Documentation |
20. Participate |
21. Participate |
|
| |
| |
| |
|
|
Please follow section 11 and 16 before reading this section. | Please follow section 11 and 16 before reading this section. |
| |
To configure Pegasus to take advantage of SSL, configure | To configure Pegasus to take advantage of SSL, configure |
CIMserver to have the following configuration options set to: |
cimserver_planned.conf to have: |
| |
sslTrustFilePath=client.pem | sslTrustFilePath=client.pem |
sslCertificateFilePath=server.pem | sslCertificateFilePath=server.pem |
|
|
httpsPort=5989 | httpsPort=5989 |
enableHttpsConnection=true | enableHttpsConnection=true |
| |
using the 'cimconfig' utility: |
|
|
|
cimconfig -p -s enableHttpsConnection=true |
|
|
|
(The client.pem and server.pem are the certifications | (The client.pem and server.pem are the certifications |
files created per the steps in the earlier section). | files created per the steps in the earlier section). |
| |
For good riddance you might consider closing down | For good riddance you might consider closing down |
the cleartext 5988 port. Modify your CIMserver to |
the cleartext 5988 port. Modify your cimserver_planned.conf |
(using 'cimconfig') to have the option: |
to include: |
| |
enableHttpConnection=false | enableHttpConnection=false |
| |
18.PAM Authentication |
18. Testing with ICU enabled: |
=================== |
|
|
|
In order to use PAM Authentication you have to compile Pegasus |
|
with one extra enviroment flags: |
|
|
|
PEGASUS_PAM_AUTHENTICATION=1 |
|
|
|
You can also set the PEGASUS_ALWAYS_USE_PAM=1 flag to disable |
|
Pegasus password authentication using a flag text-file (recommended). |
|
|
|
After compiling (refer to section 17 for details), follow these two |
|
important steps: |
|
|
|
a). Copy the rpm/wbem file in-to /etc/pam.d directory. |
|
This notifies PAM what kind of libraries to use when authenticating |
|
Pegasus. |
|
b). Modify CIMserver configuration options: |
|
|
|
usePAMAuthentication=true |
|
enableAuthentication=true |
|
|
|
And if you want to allow 'root' (*not recommended*) |
|
enableRemotePrivilegedUserAccess=true |
|
|
|
using the 'cimconfig' operation, such as: |
|
|
|
cimconfig -p -s usePAMAuthentication=true |
|
|
|
The user is authenticated using HTTP Basic method, thererfore it is |
|
strongly suggested you use SSL connection instead of normal HTTP connection. |
|
Refer to section 16 for more details on creating and using SSL keys. |
|
|
|
19. Testing with ICU enabled: |
|
============================== | ============================== |
| |
ICU (International Compoments for Unicode) refers to the set of libraries that | ICU (International Compoments for Unicode) refers to the set of libraries that |
|
|
If this variable is left defined, Pegasus will not be able to load messages | If this variable is left defined, Pegasus will not be able to load messages |
using ICU resource bundles. | using ICU resource bundles. |
| |
20. Documentation: |
19. Documentation: |
=================== | =================== |
| |
The documentation is currently in preperation. The preliminary documentation | The documentation is currently in preperation. The preliminary documentation |
|
|
design documentation. | design documentation. |
| |
| |
21. Participate! |
20. Participate! |
================= | ================= |
| |
We are looking for people who want to join the Pegasus work group and | We are looking for people who want to join the Pegasus work group and |