HP WBEM Services Software Developer's Kit for HP-UX Provider and Client Developer's Guide A.01
Client Security Considerations
As discussed in the section on provider security, the HP WBEM Services
for HP-UX CIM Server performs authentication (test for valid user and,
if remote, password) and authorization (test for permission to perform an
operation on an object in a namespace, if enabled) on all requests. Also,
the CIM Server can be configured to accept encrypted or unencrypted
communication. Clients may need to consider all of these
security-related features.
Local vs. Remote Requests and Username/Password Authentication
A local connection mechanism exists for clients to communicate with the
CIM Server on the same system. The connectLocal() function is used
for this purpose, and does not take any arguments. The user ID passed to
the provider is that of the process in which the client program is running.
The CIM Server verifies that the user ID of the request is indeed that of
the requesting process. Namespace authorization, if enabled, is still
performed.
When the client must be able to connect to a CIM Server on a remote
system, or when it must be able to specify a different user than that of
the process, it must use the connect() function. This function allows a
hostname and port number to be specified, as well as a username and
password.
SSL (Secure Socket Layer) for Encrypted Communication
When a client connects to a remote CIM server, it can specify the port
number to which it wishes to connect. As normally configured, HP
WBEM Services for HP-UX supports encrypted communication on port
5989 or unencrypted on port 5988. If the client specifies the address of an
encrypted port, then it should use the form of connect() that takes an
SSLContext argument. The SSLContext supplies the information needed
by the client to perform a certificate-based authentication transaction
with the target host, and causes all communication to be encrypted.
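The choice between connectLocal(), connect() and the SSLContext form of connect() described in the two sections above can be checked before any connection is attempted. The following C++ is an added example, not code from the HP SDK: Target, Plan and planConnection are hypothetical names, the host name is constructed, and the rule that the unencrypted port is used only for a CIM Server on the same system is an assumed local policy.

```cpp
// Added example: pre-connection check for a WBEM client wrapper.
// Target, Plan and planConnection are hypothetical names, not SDK API.
#include <cstdint>
#include <iostream>
#include <string>

enum class Form { ConnectLocal, ConnectPlain, ConnectSsl, Refuse };

struct Target {
    std::string host;     // empty: CIM Server on the same system
    std::uint16_t port;   // not used by the local mechanism
    std::string user;     // empty: run as the process's own user ID
    bool haveSslContext;  // caller has built an SSLContext
};
struct Plan { Form form; std::string reason; };

// Port layout "as normally configured" on the page; a site may differ.
const std::uint16_t kPlainPort = 5988;
const std::uint16_t kSslPort = 5989;

Plan planConnection(const Target& t) {
    // Same system, same identity: connectLocal() takes no arguments and
    // the CIM Server checks the user ID against the requesting process.
    if (t.host.empty() && t.user.empty())
        return {Form::ConnectLocal, "local mechanism, process identity"};
    // A remote host or a different user needs connect().
    if (t.port == kSslPort) {
        if (!t.haveSslContext)
            return {Form::Refuse, "encrypted port requires the SSLContext form"};
        return {Form::ConnectSsl, "certificate-based authentication, encrypted"};
    }
    if (t.port == kPlainPort) {
        // Assumed local policy (not an SDK rule): a username and password
        // for a remote host are never sent over the unencrypted port.
        if (!t.host.empty())
            return {Form::Refuse, "credentials would cross an unencrypted port"};
        return {Form::ConnectPlain, "same system, different user"};
    }
    return {Form::Refuse, "port is not a known encrypted or unencrypted port"};
}

int main() {
    // Constructed input: remote host, unencrypted port, explicit user.
    Plan p = planConnection({"hostA.example", 5988, "admin", false});
    std::cout << p.reason << "\n";
    return p.form == Form::Refuse ? 0 : 1;
}
```

A client wrapper would call planConnection() first and only then invoke the matching SDK function, logging the reason string whenever the result is Refuse.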