HP WBEM Services Version A.02.09.12 Release Notes (5900-2121, March 2012)

NOTE: OpenSSL is an open source cryptography toolkit that implements the network protocols
and related cryptography standards of SSL v2 and v3, and TLS (Transport Layer Security). HP
WBEM Services supports only the SSL v3 and TLS protocols. For more information, see the OpenSSL
website at http://www.openssl.org.

On the HTTPS port, CIM clients use SSL to establish connections with the CIM Server and to
send CIM requests.
To disable the HTTPS port, use the cimconfig command to set the value of the CIM Server
configuration property enableHttpsConnection to false. Make sure the value of the
enableHttpConnection property is set to true, then restart the CIM Server.
To disable the Export HTTPS port, use the cimconfig command to set the value of the configuration
property enableSSLExportClientVerification to false and restart the CIM Server.
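
A pre-restart check for the two procedures above, as an added example that is not part of the HP release notes: it reads the planned property values and reports which ports will be open after the restart. It assumes that cimconfig -l -p prints one name=value pair per line; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not HP code): check the planned CIM Server port settings
# before restarting. Assumption: `cimconfig -l -p` prints name=value lines.

# Constructed sample: planned values after the "disable the HTTPS port" steps.
SAMPLE_HTTPS_OFF='enableHttpConnection=true
enableHttpsConnection=false
enableSSLExportClientVerification=false'

# prop NAME: print NAME's value from $CONFIG in lower case, or "unset".
prop() {
    v=$(printf '%s\n' "$CONFIG" |
        sed -n "/^[[:space:]]*$1[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" |
        tail -n 1 | tr 'A-Z' 'a-z')
    printf '%s\n' "${v:-unset}"
}

# check_listeners TEXT: report the planned ports.
# Returns 0 = HTTPS only, 1 = needs review, 2 = no remote port left.
check_listeners() {
    CONFIG=$1
    http=$(prop enableHttpConnection)
    https=$(prop enableHttpsConnection)
    export_https=$(prop enableSSLExportClientVerification)
    echo "planned: http=$http https=$https export_https=$export_https"
    if [ "$http" = false ] && [ "$https" = false ]; then
        echo "ERROR: HTTP and HTTPS both disabled; remote CIM clients cannot connect"
        return 2
    fi
    if [ "$http" = true ]; then
        echo "WARN: HTTP port enabled; CIM requests and Basic Authentication passwords are sent unencrypted"
        return 1
    fi
    if [ "$https" != true ]; then
        echo "WARN: enableHttpsConnection is '$https'; confirm it before restarting"
        return 1
    fi
    return 0
}

# On the managed host: check_listeners "$(cimconfig -l -p)"
check_listeners "$SAMPLE_HTTPS_OFF" || true
```
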

Local user authentication

The CIM Server automatically authenticates local connections, that is, connections established using
the connectLocal method in the CIMClient interface. This eliminates the need to specify a
user name or password when issuing management commands on the local system.
The UNIX domain socket connection point is used for local connections, so this traffic is not
visible on the network interconnect.

Remote user authentication

The CIM Server can authenticate remote users using the following methods:
- HTTP Basic Authentication
- Certificate Based Authentication (CBA)

“Remote user authentication methods” (Table 2) lists each remote authentication method in detail.

Table 2 Remote user authentication methods

Description
  HTTP Basic Authentication:
    Uses a request/challenge mechanism and authenticates the user-supplied username and
    password through Pluggable Authentication Modules (PAM).
  Certificate Based Authentication (CBA):
    The CIM Server requests the client certificate when the HTTPS connection is in progress.

Benefits and Considerations
  HTTP Basic Authentication:
    - Does not require any server configuration and is therefore easy to set up.
    - Requires the remote user to provide a password to access the WBEM data.
    - Requires updating the client application whenever the password is changed.
  Certificate Based Authentication (CBA):
    - Requires a one-time server configuration.
    - Does not require the remote user to provide a password each time to access the WBEM data.
    - Prevents intruders from gaining access to internal network resources by “spoofing” passwords.
    - Does not require additional configuration or updates to applications whenever a
      password is changed.

For more information, see...
  HTTP Basic Authentication: “Using HTTP Basic Authentication” (page 7)
  Certificate Based Authentication (CBA): “Using Certificate Based Authentication” (page 8)

Using HTTP Basic Authentication
The /etc/pam.conf file is the configuration file for PAM. The /etc/pam.conf file contains a
list of services and each service is mapped to a corresponding service module. When a service is
requested, its associated module is invoked. WBEM Services uses the default authentication method
specified in the OTHER directive of the /etc/pam.conf file. To use other authentication methods,