Return to notes.txt CVS log | Up to [Pegasus] / pegasus / src / Executor |
1 mike 1.1.2.1 | ||
2 mike 1.1.2.4 1. The user that runs cimervermain is determined as follows. | ||
3 mike 1.1.2.1 | ||
4 mike 1.1.2.4 (1) Look for serverUser configuration option on command line. | ||
5 mike 1.1.2.1 | ||
6 mike 1.1.2.4 (2) Look for serverUser configuration option in planned configuration 7 file. | ||
8 mike 1.1.2.3 | ||
9 mike 1.1.2.4 (3) Use the owner of the cimservermain program (if not root). | ||
10 mike 1.1.2.1 | ||
11 mike 1.1.2.4 (4) Use "pegasus" (the default user). | ||
12 mike 1.1.2.1 | ||
13 mike 1.1.2.4 2. All files but the repository are owned by root. The cimservermain 14 process may read any of the root owned files, but it must ask the | ||
15 mike 1.1.2.8 executor to modify them. | ||
16 mike 1.1.2.1 | ||
17 mike 1.1.2.8 3. The executor gives ownership of the repository to the server user 18 upon startup. | ||
19 mike 1.1.2.2 | ||
20 mike 1.1.2.8 4. Executor checks whether Pegasus repository exists and errors out | ||
21 mike 1.1.2.4 if not. | ||
22 mike 1.1.2.2 | ||
23 mike 1.1.2.8 5. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket). | ||
24 mike 1.1.2.3 | ||
25 mike 1.1.2.8 6. For logging purposes, the executor uses "cimexecutor" as its syslog | ||
26 mike 1.1.2.3 identifier. | ||
27 mike 1.1.2.5 | ||
28 mike 1.1.2.8 7. Setting up PAM authentiction (non-standalone). | ||
29 mike 1.1.2.5 30 First compile with PEGASUS_PAM_AUTHENTICATION. 31 32 Next install the PAM configuration file. 33 34 % cd $PEGASUS_ROOT 35 % cp rpm/wbem /etc/pam.d 36 % chmod 0644 /etc/pam.d/wbem 37 | ||
38 mike 1.1.2.8 8. To build for standalone PAM authentication, compile with these: 39 40 PEGASUS_PAM_AUTHENTICATION 41 PEGASUS_USE_PAM_STANDALONE_PROC | ||
42 mike 1.1.2.5 | ||
43 mike 1.1.2.8 9. To run cimserver to use PAM, use these configuration parameters. | ||
44 mike 1.1.2.5 | ||
45 mike 1.1.2.8 enableAuthentication=true 46 47 10. To build SSL support, compile with these. 48 49 OPENSSL_HOME=/usr 50 PEGASUS_HAS_SSL=true | ||
51 mike 1.1.2.7 | ||
52 mike 1.1.2.8 11. To run cimerver to use SSL, use these configuration parameters. | ||
53 mike 1.1.2.7 | ||
54 mike 1.1.2.8 enableHttpsConnection=true 55 enableAuthentication=true 56 sslClientVerificationMode=optional 57 sslTrustStoreUserName=root | ||
58 mike 1.1.2.7 | ||
59 mike 1.1.2.8 12. To add a user to cimserver.passwd, use the following format (the given 60 user must be a real system user). | ||
61 mike 1.1.2.7 | ||
62 mike 1.1.2.8 jsmith:AB5bZ.JX9fQzA | ||
63 mike 1.1.2.7 | ||
64 mike 1.1.2.8 Use the following program to generate the password (at least on 65 Linux). | ||
66 mike 1.1.2.7 | ||
67 mike 1.1.2.8 #define _XOPEN_SOURCE 68 #include <unistd.h> 69 #include <stdio.h> | ||
70 mike 1.1.2.7 | ||
71 mike 1.1.2.8 int main() 72 { 73 printf("%s\n", crypt("changeme", "AB")); 74 return 0; 75 } | ||
76 mike 1.1.2.7 | ||
77 mike 1.1.2.8 Compile and link the program as follows. | ||
78 mike 1.1.2.7 | ||
79 mike 1.1.2.8 % gcc -o mkpasswd mkpasswd.cpp -lcrypt | ||
80 mike 1.1.2.7 | ||
81 mike 1.1.2.9 13. The KerberosAuthenticationHandler.h and all Kerberos authentication 82 logic is not part of the Pegasus repository. | ||
83 mike 1.1.2.10 84 14. The CIMExportIndicationRequestMessage comes back into the server 85 and is delivered to an indication consumer (which must be loaded). 86 87 |
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |