version 1.1, 2006/12/28 03:59:20
version 1.1.2.11, 2007/01/09 23:26:21

1. The user that runs cimservermain is determined by the
    PEGASUS_CIMSERVERMAIN_USER constant defined in
    <Pegasus/Common/Constants.h>

2. All files but the repository are owned by root. The cimservermain
    process may read any of the root-owned files, but it must ask the
    executor to modify them.

3. The executor gives ownership of the repository to the server user
    upon startup.

4. The executor checks whether the Pegasus repository exists and exits
    with an error if it does not.

5. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket).

6. For logging purposes, the executor uses "cimexecutor" as its syslog
    identifier.

7. Setting up PAM authentication (non-standalone).

    First compile with PEGASUS_PAM_AUTHENTICATION.

    Next install the PAM configuration file.

        % cd $PEGASUS_ROOT
        % cp rpm/wbem /etc/pam.d
        % chmod 0644 /etc/pam.d/wbem

8. To build for standalone PAM authentication, compile with these:

        PEGASUS_PAM_AUTHENTICATION
        PEGASUS_USE_PAM_STANDALONE_PROC

9. To run cimserver with PAM, use these configuration parameters.

        enableAuthentication=true

10. To build with SSL support, compile with these.

        OPENSSL_HOME=/usr
        PEGASUS_HAS_SSL=true

11. To run cimserver with SSL, use these configuration parameters.

        enableHttpsConnection=true
        enableAuthentication=true
        sslClientVerificationMode=optional
        sslTrustStoreUserName=root

12. To add a user to cimserver.passwd, use the following format (the given
    user must be a real system user).

        jsmith:AB5bZ.JX9fQzA

    Use the following program to generate the password (at least on
    Linux).

        /* Prints the crypt(3) hash of "changeme" using the salt "AB". */
        #define _XOPEN_SOURCE
        #include <unistd.h>
        #include <stdio.h>

        int main()
        {
            /* crypt() returns NULL on failure. */
            const char* hash = crypt("changeme", "AB");
            if (!hash)
                return 1;
            printf("%s\n", hash);
            return 0;
        }

    Compile and link the program as follows.

        % gcc -o mkpasswd mkpasswd.cpp -lcrypt
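
A format check for the cimserver.passwd entries described in item 12, as an added example that is not part of the original notes or of the Pegasus sources. It assumes entries hold traditional crypt(3) output as produced with a two-character salt (13 characters, the first two being the salt); the function names and status codes are hypothetical.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Alphabet of traditional crypt(3) salts and hashes. */
static const char CRYPT_ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

enum entry_status { ENTRY_OK, ENTRY_NO_SEPARATOR, ENTRY_EMPTY_USER,
                    ENTRY_USER_TOO_LONG, ENTRY_BAD_HASH_LENGTH,
                    ENTRY_BAD_HASH_CHAR };

/* Validate one "user:hash" line; on success fill user[] and the 2-char salt. */
enum entry_status check_passwd_entry(const char *line, char *user,
                                     size_t user_size, char salt[3])
{
    const char *colon = strchr(line, ':');
    if (colon == NULL)
        return ENTRY_NO_SEPARATOR;
    size_t user_len = (size_t)(colon - line);
    if (user_len == 0)
        return ENTRY_EMPTY_USER;
    if (user_len >= user_size)
        return ENTRY_USER_TOO_LONG;
    const char *hash = colon + 1;
    size_t hash_len = strcspn(hash, "\r\n");  /* ignore the line ending */
    if (hash_len != 13)                        /* 2 salt + 11 hash characters */
        return ENTRY_BAD_HASH_LENGTH;
    for (size_t i = 0; i < hash_len; i++)
        if (strchr(CRYPT_ALPHABET, hash[i]) == NULL)
            return ENTRY_BAD_HASH_CHAR;
    memcpy(user, line, user_len);
    user[user_len] = '\0';
    memcpy(salt, hash, 2);
    salt[2] = '\0';
    return ENTRY_OK;
}

/* The entry is only usable if the name maps to a real system account. */
int is_system_user(const char *user) { return getpwnam(user) != NULL; }

int main(void)
{
    char user[64], salt[3];
    const char *sample = "jsmith:AB5bZ.JX9fQzA\n";  /* entry from the text */
    enum entry_status st = check_passwd_entry(sample, user, sizeof user, salt);
    if (st != ENTRY_OK) return (int)st;
    printf("%s salt=%s system_user=%d\n", user, salt, is_system_user(user));
    return 0;
}
```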

13. KerberosAuthenticationHandler.h and all Kerberos authentication
    logic are not part of the Pegasus repository.

14. The CIMExportIndicationRequestMessage comes back into the server
    and is delivered to an indication consumer (which must be loaded).