pegasus/src/Executor/notes.txt - annotate

Return to notes.txt CVS log

Up to [Pegasus] / pegasus / src / Executor

1 mike 1.1.2.1
2 mike 1.1.2.11 1. The user that runs cimervermain is determined by the 3 PEGASUS_CIMSERVERMAIN_USER constant defined in 4 <Pegasus/Common/Constants.h>
5 mike 1.1.2.1
6 mike 1.1.2.4 2. All files but the repository are owned by root. The cimservermain
7 mike 1.1.2.12 process may read the root owned files, but it must ask the executor 8 to modify them.
9 mike 1.1.2.1
10 mike 1.1.2.8 3. The executor gives ownership of the repository to the server user 11 upon startup.
12 mike 1.1.2.2
13 mike 1.1.2.12 4. The Executor now checks whether Pegasus repository exists and errors 14 out if not.
15 mike 1.1.2.2
16 mike 1.1.2.8 5. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket).
17 mike 1.1.2.3
18 mike 1.1.2.12 6. The executor will not start if a CIM server is already running. 19 20 7. For logging purposes, the executor uses "cimexecutor" as its syslog
21 mike 1.1.2.3 identifier.
22 mike 1.1.2.5
23 mike 1.1.2.12 8. Setting up PAM authentiction (non-standalone).
24 mike 1.1.2.5 25 First compile with PEGASUS_PAM_AUTHENTICATION. 26 27 Next install the PAM configuration file. 28 29 % cd $PEGASUS_ROOT 30 % cp rpm/wbem /etc/pam.d 31 % chmod 0644 /etc/pam.d/wbem 32
33 mike 1.1.2.12 9. To build for standalone PAM authentication, compile with these:
34 mike 1.1.2.8 35 PEGASUS_PAM_AUTHENTICATION 36 PEGASUS_USE_PAM_STANDALONE_PROC
37 mike 1.1.2.5
38 mike 1.1.2.12 10. To run cimserver to use PAM, use these configuration parameters.
39 mike 1.1.2.5
40 mike 1.1.2.8 enableAuthentication=true 41
42 mike 1.1.2.12 11. To build SSL support, compile with these.
43 mike 1.1.2.8 44 OPENSSL_HOME=/usr 45 PEGASUS_HAS_SSL=true
46 mike 1.1.2.7
47 mike 1.1.2.12 12. To run cimerver to use SSL, use these configuration parameters.
48 mike 1.1.2.7
49 mike 1.1.2.8 enableHttpsConnection=true 50 enableAuthentication=true 51 sslClientVerificationMode=optional 52 sslTrustStoreUserName=root
53 mike 1.1.2.7
54 mike 1.1.2.12 13. To add a user to cimserver.passwd, use the following format (the given
55 mike 1.1.2.8 user must be a real system user).
56 mike 1.1.2.7
57 mike 1.1.2.8 jsmith:AB5bZ.JX9fQzA
58 mike 1.1.2.7
59 mike 1.1.2.8 Use the following program to generate the password (at least on 60 Linux).
61 mike 1.1.2.7
62 mike 1.1.2.8 #define _XOPEN_SOURCE 63 #include <unistd.h> 64 #include <stdio.h>
65 mike 1.1.2.7
66 mike 1.1.2.8 int main() 67 { 68 printf("%s\n", crypt("changeme", "AB")); 69 return 0; 70 }
71 mike 1.1.2.7
72 mike 1.1.2.8 Compile and link the program as follows.
73 mike 1.1.2.7
74 mike 1.1.2.8 % gcc -o mkpasswd mkpasswd.cpp -lcrypt
75 mike 1.1.2.7
76 mike 1.1.2.12 14. The KerberosAuthenticationHandler.h and all Kerberos authentication
77 mike 1.1.2.9 logic is not part of the Pegasus repository.
78 mike 1.1.2.10
79 mike 1.1.2.12 15. The CIMExportIndicationRequestMessage comes back into the server
80 mike 1.1.2.10 and is delivered to an indication consumer (which must be loaded). 81
82 mike 1.1.2.12 16. The following authentication schemes were rewritten and are now 83 part of the executor. 84 85 - PAM Basic Authentication 86 - PAM Basic Authentication, using cimservera program. 87 - Secure Local Authenticaiton 88 89 The following authentication schemes still reside in cimservermain. 90 91 - SSL certificate authentication 92 - Secure Basic (uses cimserver.passwd file).
93 mike 1.1.2.10
94 mike 1.1.2.13 17. Places that NEW_SESSION_KEY request is used. 95 96 - SSL certificate authentication. 97 - Indication service. 98
99 mike 1.1.2.14 18. Note that "secure basic" authentication and "SSL peer authentication" 100 cannot be used together since the validate user (performed by 101 SSL peer authentication) fails since the username is not in the 102 cimserver.passwd file. 103

No CVS admin address has been configured