pegasus/src/Executor/notes.txt

1.  The user that runs cimservermain is determined by the
    PEGASUS_CIMSERVERMAIN_USER constant defined in
    <Pegasus/Common/Constants.h>.

2.  All files but the repository are owned by root. The cimservermain
    process may read the root-owned files, but it must ask the executor
    to modify them.

3.  The executor grants ownership of the repository to the server user
    upon startup if the server user does not already own it, although
    this should already have been done at installation time.

4.  The Executor now checks whether the Pegasus repository exists and
    errors out if not.

5.  Cimservermain owns the local-domain socket file (/tmp/cimxml.socket).

6.  The executor now detects whether the CIM server is already running.

7.  For logging purposes, the executor uses "cimexecutor" as its syslog
    identifier.

8.  Setting up PAM authentication (non-standalone).

    First compile with PEGASUS_PAM_AUTHENTICATION.

    Next install the PAM configuration file.

        % cd $PEGASUS_ROOT
        % cp rpm/wbem /etc/pam.d
        % chmod 0644 /etc/pam.d/wbem

9.  To build for standalone PAM authentication, compile with these:

        PEGASUS_PAM_AUTHENTICATION
        PEGASUS_USE_PAM_STANDALONE_PROC

10. To run cimserver with PAM, use this configuration parameter.

        enableAuthentication=true

11. To build with SSL support, compile with these.

        OPENSSL_HOME=/usr
        PEGASUS_HAS_SSL=true

12. To run cimserver with SSL, use these configuration parameters.

        enableHttpsConnection=true
        enableAuthentication=true
        sslClientVerificationMode=optional
        sslTrustStoreUserName=root

13. To add a user to cimserver.passwd, use the following format (the given
    user must be a real system user).

        jsmith:AB5bZ.JX9fQzA

    Use the following program to generate the password (at least on
    Linux).

        /* Print the crypt(3) hash of a password for cimserver.passwd.
           The two-character salt ("AB") selects traditional DES crypt. */
        #define _XOPEN_SOURCE
        #include <unistd.h>
        #include <stdio.h>

        int main()
        {
            printf("%s\n", crypt("changeme", "AB"));
            return 0;
        }

    Compile and link the program as follows.

        % gcc -o mkpasswd mkpasswd.cpp -lcrypt

14. KerberosAuthenticationHandler.h and all Kerberos authentication
    logic are not part of the Pegasus repository.

15. The following authentication schemes were rewritten and are now
    part of the executor.

        - PAM Basic Authentication
        - PAM Basic Authentication, using cimservera program.
        - Secure Local Authentication
        - Secure Basic (uses cimserver.passwd file).

    The following authentication schemes still reside in cimservermain.

        - SSL peer authentication
        - Kerberos (source not available to Pegasus).

16. Places where the NEW_SESSION_KEY request is used.

        - SSL certificate authentication.
        - Indication service (before accepting connections).

17. Note that using "secure basic" authentication and "SSL peer
    authentication" together breaks the end-to-end tests (validate
    user fails since the user is not in the cimserver.passwd file).

18. Four provider agent user contexts:

        - REQUESTOR         MyProviderModule:*
        - DESIGNATED        MyProviderModule:fred
        - PRIVILEGED        MyProviderModule:root
        - CIMSERVER         MyProviderModule:pegasus
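
The startup check described in notes 3 and 4, sketched as an added example; this is not the Pegasus executor's code. `walk` and `ensure_repository_owner` are hypothetical names, and the use of the POSIX.1-2008 `*at()` calls with no-follow flags is this example's assumption: the repository ends up owned by the unprivileged server user, so a root process changing ownership inside it should not follow links that user could have created.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk the directory open on fd (consumed); count entries not owned by uid in
   *n and chown them when apply is set. The NOFOLLOW flags keep a symlink
   planted in the tree from redirecting the change to a file elsewhere. */
static int walk(int fd, uid_t uid, gid_t gid, int apply, int *n)
{
    DIR *d = fdopendir(fd);
    if (d == NULL) { close(fd); return -1; }
    struct dirent *e;
    struct stat st;
    int ok = 1;
    while (ok && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        ok = fstatat(fd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) == 0;
        if (ok && st.st_uid != uid) {
            (*n)++;
            ok = !apply || fchownat(fd, e->d_name, uid, gid, AT_SYMLINK_NOFOLLOW) == 0;
        }
        if (ok && S_ISDIR(st.st_mode)) {
            int sub = openat(fd, e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
            ok = sub >= 0 && walk(sub, uid, gid, apply, n) == 0;
        }
    }
    closedir(d);                        /* also closes fd */
    return ok ? 0 : -1;
}

/* Notes 3 and 4: -1 if the repository is missing or unreadable, otherwise the
   number of entries that were not owned by the server user. */
int ensure_repository_owner(const char *repo, uid_t uid, gid_t gid, int apply)
{
    struct stat st;
    int fd = open(repo, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    int n = st.st_uid != uid;
    if (n && apply && fchown(fd, uid, gid) != 0) { close(fd); return -1; }
    return walk(fd, uid, gid, apply, &n) == 0 ? n : -1;
}
```

Calling it with `apply` set to 0 gives an audit-only count, which is useful for confirming that installation already assigned ownership before the privileged path ever has to change anything.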
