|
version 1.49, 2014/10/12 00:04:17
|
version 1.52, 2014/11/10 16:14:05
|
|
|
|
| <b>Required: </b>No | <b>Required: </b>No |
| </ul> | </ul> |
| | |
| |
<h5>PEGASUS_ENABLE_SESSION_COOKIES</h5> |
| |
<ul> |
| |
<b>Description: </b>If set to 'true', the OpenPegasus CIM server will |
| |
use HTTP cookies for session management (RFC 6265). |
| |
<br> |
| |
After a successful client authentication the client is given a cookie. The |
| |
client is then not asked for re-authentication as long as it provides the |
| |
same cookie in all subsequent requests and until the session expires. Session |
| |
expiry is configurable using httpSessionTimeout configuration option. |
| |
<br> |
| |
Nothing changes for clients that do not support HTTP cookies (RFC 6465) - |
| |
their requests are authenticated as usual, either using Basic or Negotiate |
| |
authentication mechanisms. |
| |
<br> |
| |
Purpose of this option is to speed up request processing - both Basic |
| |
and Negotiate authentication can take some time, which will form large |
| |
fraction of system load on busy servers. |
| |
<b>Default Value: </b>true (on supported platforms, see below)<br> |
| |
<b>Recommended Value (Development Build): </b>true<br> |
| |
<b>Recommended Value (Release Build): </b>true<br> |
| |
<b>Required: </b>No<p></p> |
| |
<b>Considerations: </b> This option can be set to true only when the |
| |
underlying platform providers cryptographically strong random numbers |
| |
(to generate strong session ID). Currently these platforms are |
| |
zOS (using native API) and any platform with OpenSSL. |
| |
In other words, PEGASUS_ENABLE_SESSION_COOKIES can be enabled only |
| |
when PEGASUS_HAS_SSL is set or on zOS. |
| |
<br><br> |
| |
Note that while this option is enabled by default (i.e. the code is |
| |
compiled), it is still turned off in default runtime configuration. |
| |
System administrators must explicitly set httpSessionTimeout configuration |
| |
option to nozero value to enable this feature. |
| |
</ul> |
| |
|
| |
|
| <h5>PEGASUS_ENABLE_SLP</h5> | <h5>PEGASUS_ENABLE_SLP</h5> |
| | |
| <ul> | <ul> |
|
|
|
| Pegasus/Config/DefaultPropertyOwner.cpp | Pegasus/Config/DefaultPropertyOwner.cpp |
| </ul> | </ul> |
| | |
| |
<h5>httpAuthType</h5> |
| |
<ul> |
| |
<b>Description: </b>Type of HTTP authentication. Allowed values are |
| |
'basic', indicating basic authentication or 'negotiate' indicating use of |
| |
HTPP Negotiate authentication method. This variable is effective only when |
| |
'enableAuthentication' variable is set to 'true'.<br> |
| |
<b>Default Value: </b>basic<br> |
| |
<b>Recommended Default Value (Development Build): </b>basic<br> |
| |
<b>Recommended Default Value (Release Build): </b>basic<br> |
| |
<b>Recommend To Be Fixed/Hidden (Development Build): </b>No/No<br> |
| |
<b>Recommend To Be Fixed/Hidden (Release Build): </b>No<br> |
| |
<b>Dynamic?: </b>No<br> |
| |
<b>Considerations: </b>Value 'negotiate' is available only when Pegasus |
| |
is compiled with PEGASUS_NEGOTIATE_AUTHENTICATION=true.<br> |
| |
<b>Source Configuration File: </b> |
| |
Pegasus/Config/SecurityPropertyOwner.cpp |
| |
</ul> |
| |
|
| <h5>httpPort</h5> | <h5>httpPort</h5> |
| | |
| <ul> | <ul> |
|
|
|
| </tbody></table> | </tbody></table> |
| </ul> | </ul> |
| | |
| |
<h5>httpSessionTimeout</h5> |
| |
<ul> |
| |
<b>Description: </b>If set to a positive integer, this value |
| |
specifies a HTTP session lifetime in seconds. |
| |
<br> |
| |
After initial authentication using standard HTTP mechanisms |
| |
(HTTP Basic or Negotiate authentication), the server generates a cookie |
| |
and sends it back to the client, as described in RFC 6265. The client |
| |
can then use the cookie in subsequent requests to skip the usual HTTP |
| |
authentication. The cookie is valid only for period of time specified by |
| |
this configuration option. |
| |
<br> |
| |
If set to zero, session management is turned off and CIM server will not |
| |
issue cookies. |
| |
<br> |
| |
This option is available only when Pegasus was compiled with |
| |
PEGASUS_ENABLE_SESSION_COOKIES set to 'true'. |
| |
<br> |
| |
<b>Recommended Default Value (Development Build): </b>0<br> |
| |
<b>Recommended Default Value (Release Build): </b>0<br> |
| |
<b>Recommend To Be Fixed/Hidden (Development Build): </b>No/No<br> |
| |
<b>Recommend To Be Fixed/Hidden (Release Build): </b>No/No<br> |
| |
<b>Dynamic?: </b>Yes<br> |
| |
<b>Considerations: </b> |
| |
The session timeout should be set to relatively small number (e.g. 30) to |
| |
ensure the window, when the a potentially stolen cookie can be re-used, is |
| |
quite small. This means every client will be re-authenticated the usual way |
| |
(HTTP Basic or Negotiate) at least every 30 seconds. |
| |
<br> |
| |
</ul> |
| |
|
| |
|
| <h5>idleConnectionTimeout</h5> | <h5>idleConnectionTimeout</h5> |
| <ul> | <ul> |
| <b>Description: </b>If set to a positive integer, this value | <b>Description: </b>If set to a positive integer, this value |
Return to
BuildAndReleaseOptions.html
CVS log
Up to [Pegasus] / pegasus / doc