Manualshelf

HP WBEM Services Version A.02.09.14 Release Notes HP-UX 11i v2

ManualsBrandsHP ManualsSoftwareHP-UX 11i WBEM Software
12345678910
# Account management
wbem account required libpam_hpsec.so.1
wbem account sufficient libpam_unix.so.1
wbem account required libpam_ldap.so.1
# Session management
wbem session required libpam_hpsec.so.1
wbem session sufficient libpam_unix.so.1
wbem session required libpam_ldap.so.1
# Password management
wbem password required libpam_hpsec.so.1
wbem password required libpam_ldap.so.1 try_first_pass
wbem password required libpam_ldap.so.1 try_first_pass
NOTE: HP-UX uses the cimservera executable in HP WBEM Services to provide the cimserver
with PAM Authentication services. For more information, see the HP WBEM Services for HP-UX
System Administrator Guide.
Using Certificate Based Authentication
To use the Certificate Based Authentication (CBA) method, you must do the following:
1. Use the cimconfig command, to enable CBA . By default, the CBA is disabled. For more
information, see the cimconfig(1M) and cimtrust(1M) manpages.
2. Use the cimtrust command to include the client certificates from the trust store in the
cimserver and associate that certificate with a system user.
3. Enable the HTTPS connections for the client to authenticate its certificate for HP WBEM Services.
NOTE: HP System Insight Manager (HP SIM) Version 5.1 or later enables you to use CBA for
remote user. For more information on CBA for remote users, see the HP SIM documentation.
Certificate verification
CIM Client
The CIM Client Interface supports the trust store and verification callback function for server certificate
verification. The CIM Client applications can use one or both of these mechanism to verify the
server certificate.
Using wbemexec command
The wbemexec command provides a command-line interface to the CIM Server.
The wbemexec command uses the trust store for server certificate verification. Be sure to import
the certificate in the /etc/opt/hp/sslshare/cert.pem file from the system where the CIM
Server is running to the client system’s trust store.
For more information about the wbemexec command, see the wbemexec manpage.
For more information about certificates, see “Importing server certificates to trust store (page 9).
The wbemexec command SSL connection to the CIM Server will fail if the server certificate is not
found and verified in the trust store.
The wbemexec command is not recommended for use in high-threat environments because
wbemexec does not provide any additional certificate verifications, such as host-name or
certificate-depth verification.
8 HP WBEM Services Version A.02.09.14 Release Notes