pegasus/src/Executor/notes.txt - annotate

Return to notes.txt CVS log

Up to [Pegasus] / pegasus / src / Executor

1 mike 1.1.2.1
2 mike 1.1.2.11 1. The user that runs cimervermain is determined by the 3 PEGASUS_CIMSERVERMAIN_USER constant defined in 4 <Pegasus/Common/Constants.h>
5 mike 1.1.2.1
6 mike 1.1.2.4 2. All files but the repository are owned by root. The cimservermain
7 mike 1.1.2.12 process may read the root owned files, but it must ask the executor 8 to modify them.
9 mike 1.1.2.1
10 mike 1.1.2.15 3. The executor grants ownership of the repository to the server user
11 mike 1.1.2.8 upon startup.
12 mike 1.1.2.2
13 mike 1.1.2.12 4. The Executor now checks whether Pegasus repository exists and errors 14 out if not.
15 mike 1.1.2.2
16 mike 1.1.2.8 5. Cimservermain owns the local-domain socket file (/tmp/cimxml.socket).
17 mike 1.1.2.3
18 mike 1.1.2.15 6. The executor now detects whether the CIM server is already running.
19 mike 1.1.2.12 20 7. For logging purposes, the executor uses "cimexecutor" as its syslog
21 mike 1.1.2.3 identifier.
22 mike 1.1.2.5
23 mike 1.1.2.12 8. Setting up PAM authentiction (non-standalone).
24 mike 1.1.2.5 25 First compile with PEGASUS_PAM_AUTHENTICATION. 26 27 Next install the PAM configuration file. 28 29 % cd $PEGASUS_ROOT 30 % cp rpm/wbem /etc/pam.d 31 % chmod 0644 /etc/pam.d/wbem 32
33 mike 1.1.2.12 9. To build for standalone PAM authentication, compile with these:
34 mike 1.1.2.8 35 PEGASUS_PAM_AUTHENTICATION 36 PEGASUS_USE_PAM_STANDALONE_PROC
37 mike 1.1.2.5
38 mike 1.1.2.12 10. To run cimserver to use PAM, use these configuration parameters.
39 mike 1.1.2.5
40 mike 1.1.2.8 enableAuthentication=true 41
42 mike 1.1.2.12 11. To build SSL support, compile with these.
43 mike 1.1.2.8 44 OPENSSL_HOME=/usr 45 PEGASUS_HAS_SSL=true
46 mike 1.1.2.7
47 mike 1.1.2.12 12. To run cimerver to use SSL, use these configuration parameters.
48 mike 1.1.2.7
49 mike 1.1.2.8 enableHttpsConnection=true 50 enableAuthentication=true 51 sslClientVerificationMode=optional 52 sslTrustStoreUserName=root
53 mike 1.1.2.7
54 mike 1.1.2.12 13. To add a user to cimserver.passwd, use the following format (the given
55 mike 1.1.2.8 user must be a real system user).
56 mike 1.1.2.7
57 mike 1.1.2.8 jsmith:AB5bZ.JX9fQzA
58 mike 1.1.2.7
59 mike 1.1.2.8 Use the following program to generate the password (at least on 60 Linux).
61 mike 1.1.2.7
62 mike 1.1.2.8 #define _XOPEN_SOURCE 63 #include <unistd.h> 64 #include <stdio.h>
65 mike 1.1.2.7
66 mike 1.1.2.8 int main() 67 { 68 printf("%s\n", crypt("changeme", "AB")); 69 return 0; 70 }
71 mike 1.1.2.7
72 mike 1.1.2.8 Compile and link the program as follows.
73 mike 1.1.2.7
74 mike 1.1.2.8 % gcc -o mkpasswd mkpasswd.cpp -lcrypt
75 mike 1.1.2.7
76 mike 1.1.2.12 14. The KerberosAuthenticationHandler.h and all Kerberos authentication
77 mike 1.1.2.9 logic is not part of the Pegasus repository.
78 mike 1.1.2.10
79 mike 1.1.2.16 15. The following authentication schemes were rewritten and are now
80 mike 1.1.2.12 part of the executor. 81 82 - PAM Basic Authentication 83 - PAM Basic Authentication, using cimservera program. 84 - Secure Local Authenticaiton
85 mike 1.1.2.15 - Secure Basic (uses cimserver.passwd file).
86 mike 1.1.2.12 87 The following authentication schemes still reside in cimservermain. 88
89 mike 1.1.2.15 - SSL peer authentication 90 - Kerberos (source not available to Pegasus).
91 mike 1.1.2.10
92 mike 1.1.2.16 16. Places that NEW_SESSION_KEY request is used.
93 mike 1.1.2.13 94 - SSL certificate authentication.
95 mike 1.1.2.16 - Indication service (before accepting connections).
96 mike 1.1.2.13
97 mike 1.1.2.16 17. Note that using "secure basic" authentication and "SSL peer 98 authentication" togehter breaks the end-to-end tests (validate 99 user fails since the user is not in the cimserver.passwd file). 100 101 18. Four provider agent user contexts: 102 103 - REQUESTOR MyProviderModule:* 104 - DESIGNATED MyProviderModule:fred 105 - PRIVILEGED MyProviderModule:root 106 - CIMSERVER MyProviderModule:pegasus

No CVS admin address has been configured