HP WBEM Services for HP-UX System Administrator Guide (5900-1624, April 2011)

Remote user authentication
The CIM Server can authenticate remote users with one of the following methods:
HTTP Basic Authentication
Certificate Based Authentication
Table 3 describes these authentication methods.
Table 3 Remote User Authentication Methods

HTTP Basic Authentication
  Description:
    Uses a request/challenge mechanism and authenticates the user-supplied
    username and password through Pluggable Authentication Modules (PAM).
  Benefits and Considerations:
    - Easier to set up, as it does not require any server configuration.
    - Requires the remote user to provide a password each time to access
      the WBEM data.
    - You will have to update the client application each time the
      password is changed.
  For more information, see "Additional information on HTTP basic
  authentication" (page 36).

Certificate Based Authentication (CBA)
  Description:
    The CIM Server requests the client certificate while the HTTPS
    connection is in progress.
  Benefits and Considerations:
    - Requires a one-time server configuration.
    - Does not require the remote user to provide a password each time to
      access the WBEM data. The benefits of not requiring a password
      include:
        - Prevents intruders from gaining access to internal network
          resources by “spoofing” passwords.
        - Additional configuration or updates to applications are not
          required whenever a password is changed.
  For more information, see "Additional information on Certificate Based
  Authentication" (page 37).

The default value for the configuration parameter enableRemotePrivilegedAccess has been
changed to TRUE with the release of HP WBEM Services version A.01.05.02. This implies that,
by default, an authenticated user with privileged access to the system running HP WBEM Services
is allowed to issue requests to HP WBEM Services from a remote system.
When HP WBEM Services is installed, the CIM Server is configured with a randomly-generated,
self-signed certificate. If a self-signed server certificate does not provide a sufficient level of trust,
you can use a central Certificate Authority such as Verisign to issue certificates.
Additional information on HTTP basic authentication
The /etc/pam.conf file is the configuration file for PAM. The /etc/pam.conf file contains a
list of services and each service is mapped to a corresponding service module. When a service is
requested, its associated module is invoked. HP WBEM Services defaults to the authentication
mechanism specified in the OTHER directive of the /etc/pam.conf file.
To use other authentication methods, you must edit the /etc/pam.conf file and add a wbem
service entry.
For example:
#
# Example of /etc/pam.conf file with WBEM services (using LDAP)
#
# Authentication management
wbem auth required libpam_hpsec.so.1
wbem auth sufficient libpam_unix.so.1
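
To check which PAM entries the CIM Server would use, the following added example (not part of the HP guide) parses a pam.conf-format file and prints the wbem entries, or the OTHER entries when no wbem entry exists. The helper name pam_effective_stack is hypothetical, the two sample files are constructed, and matching service names case-insensitively is an assumption of this example.

```shell
#!/bin/sh
# Added example: show which pam.conf entries apply to a service.
# Entry format: service  module-type  control-flag  module-path  [options]

# pam_effective_stack FILE SERVICE TYPE  (hypothetical helper name)
# Prints "source control-flag module-path" per matching entry; source is the
# service name if it has its own entries of that type, otherwise OTHER.
pam_effective_stack() {
    awk -v svc="$2" -v typ="$3" '
        /^[ \t]*#/ || NF < 4 { next }            # comments, blank or short lines
        tolower($2) != tolower(typ) { next }     # other module types
        # Assumption: service names are matched case-insensitively.
        tolower($1) == tolower(svc) { own[++n] = $3 " " $4 }
        tolower($1) == "other"      { oth[++m] = $3 " " $4 }
        END {
            if (n > 0) { for (i = 1; i <= n; i++) print svc, own[i] }
            else       { for (i = 1; i <= m; i++) print "OTHER", oth[i] }
        }' "$1"
}

# Constructed sample files (not taken from a real system).
tmp="${TMPDIR:-/tmp}/pamdemo.$$"
mkdir -p "$tmp"
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/default.conf" <<'EOF'
# No wbem entry: HP WBEM Services uses the OTHER directive
login   auth    required    libpam_unix.so.1
OTHER   auth    required    libpam_unix.so.1
OTHER   account required    libpam_unix.so.1
EOF

cat > "$tmp/wbem.conf" <<'EOF'
# wbem entries as in the example above
wbem    auth    required    libpam_hpsec.so.1
wbem    auth    sufficient  libpam_unix.so.1
OTHER   auth    required    libpam_unix.so.1
EOF

echo "default.conf:"; pam_effective_stack "$tmp/default.conf" wbem auth
echo "wbem.conf:";    pam_effective_stack "$tmp/wbem.conf" wbem auth
```

On a live system, pass /etc/pam.conf as the first argument; a first column of OTHER in the output means WBEM authentication follows the system-wide default stack.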