version 1.50, 2014/10/29 11:07:56
|
version 1.53, 2015/04/23 13:27:54
|
|
|
<b>Required: </b>No | <b>Required: </b>No |
</ul> | </ul> |
| |
|
<h5>PEGASUS_ENABLE_SESSION_COOKIES</h5> |
|
<ul> |
|
<b>Description: </b>If set to 'true', the OpenPegasus CIM server will |
|
use HTTP cookies for session management (RFC 6265). |
|
<br> |
|
After a successful client authentication the client is given a cookie. The |
|
client is then not asked for re-authentication as long as it provides the |
|
same cookie in all subsequent requests and until the session expires. Session |
|
expiry is configurable using httpSessionTimeout configuration option. |
|
<br> |
|
Nothing changes for clients that do not support HTTP cookies (RFC 6465) - |
|
their requests are authenticated as usual, either using Basic or Negotiate |
|
authentication mechanisms. |
|
<br> |
|
Purpose of this option is to speed up request processing - both Basic |
|
and Negotiate authentication can take some time, which will form large |
|
fraction of system load on busy servers. |
|
<b>Default Value: </b>true (on supported platforms, see below)<br> |
|
<b>Recommended Value (Development Build): </b>true<br> |
|
<b>Recommended Value (Release Build): </b>true<br> |
|
<b>Required: </b>No<p></p> |
|
<b>Considerations: </b> This option can be set to true only when the |
|
underlying platform providers cryptographically strong random numbers |
|
(to generate strong session ID). Currently these platforms are |
|
zOS (using native API) and any platform with OpenSSL. |
|
In other words, PEGASUS_ENABLE_SESSION_COOKIES can be enabled only |
|
when PEGASUS_HAS_SSL is set or on zOS. |
|
<br><br> |
|
Note that while this option is enabled by default (i.e. the code is |
|
compiled), it is still turned off in default runtime configuration. |
|
System administrators must explicitly set httpSessionTimeout configuration |
|
option to nozero value to enable this feature. |
|
</ul> |
|
|
|
|
<h5>PEGASUS_ENABLE_SLP</h5> | <h5>PEGASUS_ENABLE_SLP</h5> |
| |
<ul> | <ul> |
|
|
PEGASUS_PLATFORM environment variable is not set. | PEGASUS_PLATFORM environment variable is not set. |
</ul> | </ul> |
| |
|
<h5>PEGASUS_POSIX_TIMED_LOCK</h5> |
|
<ul> |
|
<b>Description: </b>If true, the CIM Server is compiled using |
|
POSIX pthread_mutex_timedlock() call. Since this call is marked |
|
as optional in POSIX, the platforms without this call must |
|
compile with PEGASUS_POSIX_TIMED_LOCK=false. |
|
<br> |
|
<b>Default Value: </b>true<br> |
|
<b>Recommended Value (Development Build): </b>true (on |
|
platforms with full POSIX support).<br> |
|
<b>Recommended Value (Release Build): </b>true (on |
|
platforms with full POSIX support).<br> |
|
<b>Required: </b>No<br> |
|
<b>Considerations: </b><br> |
|
</ul> |
|
|
<h5>PEGASUS_REMOVE_METHODTRACE</h5> | <h5>PEGASUS_REMOVE_METHODTRACE</h5> |
<ul> | <ul> |
<b>Description: </b>If true, the CIM Server is compiled without | <b>Description: </b>If true, the CIM Server is compiled without |
|
|
</tbody></table> | </tbody></table> |
</ul> | </ul> |
| |
|
<h5>httpSessionTimeout</h5> |
|
<ul> |
|
<b>Description: </b>If set to a positive integer, this value |
|
specifies a HTTP session lifetime in seconds. |
|
<br> |
|
After initial authentication using standard HTTP mechanisms |
|
(HTTP Basic or Negotiate authentication), the server generates a cookie |
|
and sends it back to the client, as described in RFC 6265. The client |
|
can then use the cookie in subsequent requests to skip the usual HTTP |
|
authentication. The cookie is valid only for period of time specified by |
|
this configuration option. |
|
<br> |
|
If set to zero, session management is turned off and CIM server will not |
|
issue cookies. |
|
<br> |
|
This option is available only when Pegasus was compiled with |
|
PEGASUS_ENABLE_SESSION_COOKIES set to 'true'. |
|
<br> |
|
<b>Recommended Default Value (Development Build): </b>0<br> |
|
<b>Recommended Default Value (Release Build): </b>0<br> |
|
<b>Recommend To Be Fixed/Hidden (Development Build): </b>No/No<br> |
|
<b>Recommend To Be Fixed/Hidden (Release Build): </b>No/No<br> |
|
<b>Dynamic?: </b>Yes<br> |
|
<b>Considerations: </b> |
|
The session timeout should be set to relatively small number (e.g. 30) to |
|
ensure the window, when the a potentially stolen cookie can be re-used, is |
|
quite small. This means every client will be re-authenticated the usual way |
|
(HTTP Basic or Negotiate) at least every 30 seconds. |
|
<br> |
|
</ul> |
|
|
|
|
<h5>idleConnectionTimeout</h5> | <h5>idleConnectionTimeout</h5> |
<ul> | <ul> |
<b>Description: </b>If set to a positive integer, this value | <b>Description: </b>If set to a positive integer, this value |