HP WBEM Services Version A.02.09.
© Copyright 2010, 2011 Hewlett-Packard Development Company, L.P. All rights reserved Legal Notices Confidential computer software. Valid license from HP required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
Contents 1 HP WBEM Services Version A.02.09.06 Release Notes...................................4 Announcement.........................................................................................................................4 What is in this version?.............................................................................................................4 Security ..................................................................................................................................
1 HP WBEM Services Version A.02.09.06 Release Notes Announcement The following information is for HP WBEM Services Version A.02.09.06: HP WBEM Services for HP-UX is available from http://software.hp.com. HP-UX implements the Distributed Management Task Force (DMTF) WBEM standard and this enables HP WBEM Services to deliver increased control of enterprise resources at reduced cost.
HP WBEM Services for HP-UX Version A.02.09 is based on the Open Pegasus 2.9 source base and CIM Schema 2.17.1. HP WBEM Services Version A.02.09.06 supports an enhancement in the wbemassist command. With this enhancement, the command performs compatibility checks on the installed providers with the WBEM Services version and provides compatibility related information. Following are the key differences between the HP WBEM Services Version A.02.07 and A.02.
◦ Domain Name Service ◦ Network Time Protocol ◦ Network Information Service ◦ IP ◦ SD ◦ IOTree For information on installing HP WBEM Services Version A.02.09.06, see “Installation information” (page 13). Security HP WBEM Services supports the following connection points: • HTTP port • HTTPS (HTTP Secure) port • HTTPS port for Export Connections • UNIX domain socket for local connections HP WBEM Services uses dedicated ports for CIM-XML traffic.
To disable the HTTPS port, use the cimconfig command to set the value of the CIM Server configuration property enableHttpsConnection to false. Be sure the value for the enableHttpConnection property is set to true and restart the CIM Server. To disable the Export HTTPS port, use the cimconfig command to set the value of the configuration property enableSSLExportClientVerification to false and restart the CIM Server.
wbem auth required libpam_hpsec.so.1 wbem auth sufficient libpam_unix.so.1 wbem auth required libpam_ldap.so.1 try_first_pass # Account management wbem account required libpam_hpsec.so.1 wbem account sufficient libpam_unix.so.1 wbem account required libpam_ldap.so.1 # Session management wbem session required libpam_hpsec.so.1 wbem session sufficient libpam_unix.so.1 wbem session required libpam_ldap.so.1 # Password management wbem password required libpam_hpsec.so.1 wbem password required libpam_ldap.so.
The wbemexec command is not recommended for use in high-threat environments because wbemexec does not provide any additional certificate verifications, such as host-name or certificate-depth verification. Managing certificates During the installation process, if the /etc/opt/hp/sslshare/cert.pem and /etc/opt/ hp/sslshare/file.pem files are found on the system, the following messages is generated in the install log: NOTE: /etc/opt/hp/sslshare/cert.pem - SSL Certificate file already exists.
1. Copy the certificate (/etc/opt/hp/sslshare/cert.pem) from the system where HP WBEM Services is installed. NOTE: Do not copy the key in the /etc/opt/hp/sslshare/file.pem, copy only the public certificate in the /etc/opt/hp/sslshare/cert.pem file. 2. Use the ssltrustmgr command to add the certificate (from cert.pem) to the trust store .pem on the client machine. NOTE: The wbemexec command uses the file /etc/opt/hp/sslshare/client.pem as its trust store.
NOTE: Unless otherwise stated, the tables indicate support for the listed and later versions of WBEM providers that are compatible with HP WBEM Services Version A.02.09.06. This version of HP WBEM Services can work with earlier versions of the providers that are already installed in your environment. However, these earlier versions are not tested with HP WBEM Services Version A.02.09.06.
Table 4 HP-UX 11i v3 WBEM Solution Compatibility Table Product Tag Product Title Product Version Supported HP WBEM Services Version iCOD HP-UX iCOD (Instant Capacity) B.11.31.10.00.00 A.02.09.06 NParProvider nPartition Provider - HP-UX B.31.02.00 SW-DIST HP-UX Software Distributor B.11.31.1003 WBEMP-LAN LAN Provider for Ethernet LAN interfaces B.11.31.1103 VParProvider vPar Provider - HP-UX B.11.31.01.04 WBEMP-FCP WBEM Provider for FC HBAs B.11.31.
invoked in the context of the user requesting an operation (i.e., “Run-As-Requestor”). This default setting can break backward compatibility for certain types of providers. This means that existing providers that run in the user context of the CIM Server can break. To resolve this situation, you have the following two alternatives: Alternative 1 To continue running the provider in a privileged context, you need to explicitly register the provider to run in a “Privileged User” context.
NOTE: After the OpenSSL updates are installed, the HP WBEM Services cimserver process must be shutdown and restarted in order to run against any new version of OpenSSL. For more information on shutting down and restarting the cimserver, see the HP WBEM Services System Administrator Guide.
/opt/wbem/bin commands, executables /opt/wbem/lbin Executables that are not intended to be used directly by customers.
* Beginning Analysis * Session selections have been saved in the file '/.sw/sessions/swverify.last'. Verification succeeded After installing HP WBEM Services, the CIM Server is in a running state.
cimservermain, and cimserverd. The cimserverd process is a daemon process that monitors cimserver to ensure it remains available. WARNING! HP recommends not to disable cimserver at startup. Doing so, will impact other HP products such as; iCOD/iCAP, HP SIM, VSE, and System Fault Management, as these HP solutions depend on HP WBEM Services (cimserver) to be running.
Table 5 Defects fixed in HP WBEM Services Version A.02.09.xx (continued) Identifier Description Resolution QXCR1001066307 When clients running on the localhost, connecting via the connectlocal( ) method, terminate the connection before authentication is completed, the authentication token is not removed from /var/opt/wbem/ localauth file. This defect is fixed in the current release.
Table 5 Defects fixed in HP WBEM Services Version A.02.09.xx (continued) Identifier Description Resolution QXCR1000890091 In the Networking page of HP System Management Homepage, the following error is displayed: This defect has been fixed to resolve this error message. CIM_ERR_FAILED: Error in ioctl() request SIOCGIFCONF: Invalid argument When this error message is displayed, no other data can be displayed on the Networking page. This error is noticed only with HP WBEM Services versions prior to A.
IMPORTANT: This issue is only applicable for HP WBEM Services A.02.07 and later versions. What is the workaround? For systems using LDAP or other network services, before installing HP WBEM Services, you must manually add a local cimsrvr user and group using a unique UID and GID. You must first determine the available reserved IDs for the group (for example 130) and for the user (for example, 125) ensuring that these IDs are not in use by LDAP or other network services.
The following error message is displayed during subsequent start up of the cimserver : /opt/wbem/lbin/cimserver: failed to exec /opt/wbem/lbin/cimservermain What is the Workaround? Run the following commands before starting the cimserver: • chown cimsrvr:bin /opt/wbem/lbin/cimservermain • chown cimsrvr:bin /var/opt/wbem • chown cimsrvr:bin /var/opt/wbem/socket • chmod 1755 /var/opt/wbem/socket • chmod 755 /var/opt/wbem Related documentation Following are the documents available with this release o
