HP WBEM Services Version A.02.11.00 Release Notes HP-UX 11i v3 (766167-001, March 2014)
Security considerations
When you use the Simple Network Management Protocol (SNMP), Process Resource Manager
(PRM), and Workload Manager (WLM) tools, consider the following security conditions:
• You can use tools such as PRM and WLM to limit computing resources used by the WBEM
Services processes. You can purchase these products from http://www.software.hp.com.
However, limiting or restricting the computing resources of the WBEM Services processes,
depending on the configured limits and WBEM Services utilization, can cause WBEM Services
processes to constantly reach the limits.
• Due to security limitations of the SNMP protocol, HP does not recommend using the SNMP
indication handler.
SSL support
HP WBEM Services uses SSL (Secure Sockets Layer) for all communications, with server-side
certificates that are trusted by the management application, when using HTTPS connections. HP
WBEM Services uses OpenSSL to support HTTPS connections.
NOTE: OpenSSL is an open source cryptography toolkit that implements the network protocols
and related cryptography standards of SSL v2 and v3, and TLS (Transport Layer Security). HP
WBEM Services supports only SSL v3 and TLS protocols. For more information, see the OpenSSL
website at http://www.openssl.org.
On the HTTPS port, CIM clients use SSL to establish connections with the CIM Server and to
send CIM requests.
To disable the HTTPS port, use the cimconfig command to set the value of the CIM Server
configuration property enableHttpsConnection to false. Be sure the value for the
enableHttpConnection property is set to true and restart the CIM Server.
To disable the Export HTTPS port, use the cimconfig command to set the value of the configuration
property enableSSLExportClientVerification to false and restart the CIM Server.
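The two cimconfig changes above alter which ports accept CIM traffic and whether it is protected by SSL/TLS, so they are worth auditing after any configuration change. The following check is an added example, not HP code; it assumes the property listing is supplied on standard input as one name=value pair per line (the form a cimconfig property listing is assumed to take), and the function name and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not HP code: flag the CIM Server transport settings that
# these release notes describe. Assumption: stdin holds one "name=value"
# pair per line; adjust the parsing if your listing is formatted differently.

audit_cim_config() {
    # Prints one FINDING line per weakened setting and one UNKNOWN line per
    # property missing from the input. Status is 1 if any FINDING was printed.
    tr -d ' \t\r' | {
        http=unset; https=unset; export_verify=unset
        while IFS='=' read -r name value; do
            case "$name" in
                enableHttpConnection)              http=$value ;;
                enableHttpsConnection)             https=$value ;;
                enableSSLExportClientVerification) export_verify=$value ;;
            esac
        done
        rc=0
        if [ "$http" = true ]; then
            echo "FINDING enableHttpConnection=true: CIM requests accepted without SSL/TLS"
            rc=1
        fi
        if [ "$https" = false ]; then
            echo "FINDING enableHttpsConnection=false: HTTPS port disabled"
            rc=1
        fi
        if [ "$export_verify" = false ]; then
            echo "FINDING enableSSLExportClientVerification=false: Export HTTPS port disabled"
            rc=1
        fi
        # Properties absent from the input are reported, never guessed at.
        for p in "enableHttpConnection:$http" "enableHttpsConnection:$https" \
                 "enableSSLExportClientVerification:$export_verify"; do
            case "$p" in
                *:unset) echo "UNKNOWN ${p%:unset} not present in input" ;;
            esac
        done
        [ "$rc" -eq 0 ]
    }
}

# Constructed sample input (not captured from a real system).
sample='enableHttpConnection=true
enableHttpsConnection=false
enableSSLExportClientVerification=false'
printf '%s\n' "$sample" | audit_cim_config || true
```

Run it against the planned configuration before restarting the CIM Server, so a change that leaves only the HTTP port enabled is caught before it takes effect.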
Local user authentication
The CIM Server automatically authenticates local connections, that is, connections established using
the connectLocal method in the CIMClient interface. This eliminates the need to specify a
user name or password when issuing management commands on the local system.
Local connections use the UNIX domain socket connection point, so this traffic is not
visible on the network interconnect.
Remote user authentication
The CIM Server can authenticate remote users, using the following methods:
• HTTP Basic Authentication
• Certificate Based Authentication (CBA)
Table 2 “Remote user authentication methods” describes each remote authentication method in detail.
Table 2 Remote user authentication methods
| | HTTP Basic Authentication | Certificate Based Authentication (CBA) |
| Description | Using a request/challenge mechanism and authenticating the user-supplied username and password through Pluggable Authentication Modules (PAM). | The CIM Server requests the client certificate when the HTTPS connection is in progress. |