Manualshelf

HP WBEM Services for HP-UX System Administrator Guide (5900-1624, April 2011)

ManualsBrandsHP ManualsSoftwareHP-UX 11i WBEM Software
31323334353637383940
wbem auth required libpam_ldap.so.1 try_first_pass
# Account management
wbem account required libpam_hpsec.so.1
wbem account sufficient libpam_unix.so.1
wbem account required libpam_ldap.so.1
# Session management
wbem session required libpam_hpsec.so.1
wbem session sufficient libpam_unix.so.1
wbem session required libpam_ldap.so.1
# Password management
wbem password required libpam_hpsec.so.1
wbem password required libpam_ldap.so.1 try_first_pass
wbem password required libpam_ldap.so.1 try_first_pass
For more information, see the pam(3) and pam.conf(4) manpages.
NOTE: HP-UX uses the cimservera executable in HP WBEM Services to provide the CIM Server
with PAM Authentication services.
Additional information on Certificate Based Authentication
Before using Certificate Based Authentication (CBA), you must complete the following steps:
1. Enable CBA using the cimconfig command.
By default, CBA is disabled. For more information on enabling CBA, see the cimconfig(1M)
and cimtrust(1M) manpages.
2. Use the cimtrust command to include client certificates from the trust store in the cimserver
and associate that certificate with a system user.
3. Enable the HTTPS connections so that the certificate of the client is authenticated by HP WBEM
Services.
NOTE: HP System Insight Manager (HP SIM) version 5.1 or later supports the Certificate-Based
remote user authentication. For more information on certificate based remote user authentication,
see the HP SIM documentation.
HTTPS and HTTP
By default, enableHttpsConnection is set to true, and HP WBEM Services listens on port
5989. You can set the HTTPS connection to false, and set the property enableHttpConnection
to true to make HP WBEM Services listen on port 5988.
Use the cimconfig command to reset the property file. To change properties temporarily, for just
one session, start the CIM Server with the cimserver command and use the command-line
properties option.
If you set both, HTTPS and HTTP to true then HP WBEM Services will listen on ports 5988 and
5989.
If you set both to false, HP WBEM Services will listen only on the domain socket and will only
accept requests from local clients, i.e. connections established using the connectLocal method
in the CIMClient interface.
By default, HP WBEM Services uses Secured Socket Layer (SSL) for all communications, with
server-side certificates that are trusted by the management application. This provides both spoof
protection and confidentiality.
HTTPS and HTTP 37