Manualshelf

HP WBEM Services Version A.02.07 Release Notes, September 2008, Second Edition

ManualsBrandsHP ManualsSoftwareHP-UX 11i WBEM Software
11121314151617181920
Table 1-2 Remote User Authentication Methods
HTTP Basic AuthenticationCertificate Based Authentication (CBA)
Description
Using a request/challenge mechanism and
authenticating the user-supplied username and
password through Pluggable Authentication
Modules (PAM).
The cimserver requests the client certificate while
HTTPS connection is in progress.
Benefits and Considerations
Easier to setup, as it does not require any server
configuration.
Requires the remote user to provide a password
each time to access the WBEM data.
You will have to update the client application
each time the password is changed.
Requires a one-time server configuration.
Does not require the remote user to provide a
password each time to access the WBEM data.
The benefits of not requiring a password include:
Prevents intruders from gaining access to
internal network resources by “spoofing”
passwords.
Additional configuration or updates to
applications is not required whenever a
password is changed.
For more information, see...
“More about using HTTP Basic Authentication”
(page 13)
“More about using Client Certificate-Based
Authentication” (page 14)
More about using HTTP Basic Authentication
The /etc/pam.conf file is the configuration file for PAM. The /etc/pam.conf file
contains a list of services and each service is mapped to a corresponding service module.
When a service is requested, its associated module is invoked. WBEM Services will
default to the authentication mechanism specified in the OTHER directive of the
/etc/pam.conf file. To use other authentication methods, you must edit
the/etc/pam.conf file and add a "wbem" service entry. See example below. For
additional information, please refer to the pam(3) and pam.conf(4) man pages.
#
# Example of /etc/pam.conf file with WBEM services (using LDAP)
#
# Authentication management
wbem auth required libpam_hpsec.so.1
wbem auth sufficient libpam_unix.so.1
wbem auth required libpam_ldap.so.1 try_first_pass
# Account management
Security 13