HP-UX WBEM Services Release Notes, September 2010
# Session management
wbem session required libpam_hpsec.so.1
wbem session sufficient libpam_unix.so.1
wbem session required libpam_ldap.so.1
# Password management
wbem password required libpam_hpsec.so.1
wbem password required libpam_ldap.so.1 try_first_pass
wbem password required libpam_ldap.so.1 try_first_pass
NOTE: HP-UX uses the cimservera executable in HP WBEM Services to provide the cimserver
with PAM Authentication services. For more information, see the HP WBEM Services for HP-UX
and Linux System Administrator's Guide (part number B8465-90017, chapter 3).
More about using Client Certificate-Based Authentication
Before making use of CBA, you must do the following:
1. Enable Certificate Based Authentication (CBA) using the cimconfig command. By default,
CBA is disabled. Refer to the cimconfig(1M) and cimtrust(1M) man pages for more
information.
2. Use the cimtrust command to add client certificates to the cimserver trust store and
associate each certificate with a system user.
3. HTTPS connections must be enabled in order for the client to have its certificate
authenticated by HP WBEM Services.
NOTE: HP Systems Insight Manager (HP SIM) version 5.1 or later is able to use certificate-based
remote user authentication. For more information on certificate-based remote user authentication,
see the HP SIM documentation.
Certificate Verification
CIM Clients
The CIM Client Interface supports the trust store and a verification callback function as the
mechanisms for server certificate verification. CIM Client applications can use one or both
of these mechanisms to verify the server certificate.
wbemexec Client
The wbemexec command provides a command-line interface to a CIM server.
For more information about the wbemexec command, see the wbemexec man page.
wbemexec uses the trust store for server certificate verification. Be sure to import the certificate in
/etc/opt/hp/sslshare/cert.pem from the system where the CIM Server is running to the client
system’s trust store.
For more information about certificates, see Importing Server Certificates into the Trust Store, below.
wbemexec’s SSL connection to the CIM Server will fail if the server certificate is not found and
verified in the trust store.
wbemexec is not recommended for use in high-threat environments because wbemexec does
not perform any additional certificate verification, such as host-name or certificate-depth verification.
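The two additional checks named above, host-name and certificate-depth verification, sketched as an added Python example (not HP's code and not part of wbemexec). It assumes the TLS library has already verified the chain against the trust store and that the caller supplies the chain, leaf first, as dicts in the form Python's ssl.SSLSocket.getpeercert() returns; the function names, the max_intermediates parameter and the sample certificates are constructed for illustration.

```python
from typing import List

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate name with the host the client meant to reach."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Wildcard only as the entire left-most label, and never as "*.tld".
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert: dict) -> List[str]:
    """DNS names from a getpeercert()-style dict; CN is a legacy fallback only."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return names

def extra_checks(chain: List[dict], host: str, max_intermediates: int = 0) -> List[str]:
    """Return the checks that failed; an empty list means both passed.

    chain: certificates leaf first, trust anchor last, already verified against
    the trust store by the TLS library (assumed to be supplied by the caller).
    """
    if not chain:
        return ["no certificate"]
    problems = []
    if not any(name_matches(n, host) for n in cert_names(chain[0])):
        problems.append("hostname")
    # Count only the certificates strictly between the leaf and the trust anchor.
    if max(len(chain) - 2, 0) > max_intermediates:
        problems.append("depth")
    return problems

# Constructed sample data (not taken from any real system).
LEAF = {"subject": ((("commonName", "cimhost.example.com"),),),
        "subjectAltName": (("DNS", "cimhost.example.com"),)}
CA = {"subject": ((("commonName", "Constructed CA"),),)}

if __name__ == "__main__":
    print(extra_checks([LEAF], "cimhost.example.com"))
    print(extra_checks([LEAF], "other.example.com"))
    print(extra_checks([LEAF, CA, CA, CA], "cimhost.example.com"))
```

A trust-store match alone says the certificate is known; the host-name check ties it to the system the client intended to contact, and the depth limit bounds how long a chain to a trusted certificate may be.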
HP WBEM Services Version A.02.09 Release Notes