Specifications

VMware, Inc. 181
Chapter 5 Using the VMware Service Console
it can be configured easily to use LDAP, NIS, Kerberos, or another distributed authentication mechanism.
The PAM configuration is in /etc/pam.d/vmware-authd.
Every time a connection is made to the server running ESX Server, the inetd process runs an instance of the VMware authentication daemon (vmware-authd). The vmware-authd process requests a user name and password, and hands them off to PAM, which performs the authentication.
After a user is authenticated, vmware-authd accepts a path name to a virtual machine configuration file. Access to the configuration file is restricted in the following ways. The user must have:
• read access to the configuration file to see and control the virtual machine in the VMware Management Interface and to view the virtual machine details pages.
• read access to the configuration file to use the local console on the service console or to connect to the virtual machine with the VMware Perl API.
• read and execute access to the configuration file to connect to and control (start, stop, reset, or suspend) a virtual machine in a remote console, with the VMware Perl API or with the management interface.
• read and write access to the configuration file to change the configuration using the Configure VM page in the management interface.
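
The rules in the list above can be checked mechanically when reviewing who can do what to a virtual machine. The following Python sketch is an added example, not VMware code: it maps a configuration file's mode bits to the operations the list permits for a given user. The capability labels, function names, sample paths and numeric IDs are assumptions made for illustration, and only classic owner/group/other mode bits are modelled.

```python
# Added example: audit which operations a user gets from the mode bits of a
# virtual machine configuration file, following the four access rules above.

# (label, required access) -- labels are this example's own wording.
RULES = [
    ("view in management interface", "r"),
    ("local console / Perl API connection", "r"),
    ("remote control (start, stop, reset, suspend)", "rx"),
    ("change configuration (Configure VM page)", "rw"),
]

def effective_bits(mode, file_uid, file_gid, uid, gids):
    """Return the subset of {'r','w','x'} granted by classic Unix mode bits.

    Exactly one class applies: owner first, then group, then other.
    ACLs and root's permission override are out of scope here.
    """
    if uid == file_uid:
        shift = 6
    elif file_gid in gids:
        shift = 3
    else:
        shift = 0
    triad = (mode >> shift) & 0o7
    return {c for c, bit in (("r", 4), ("w", 2), ("x", 1)) if triad & bit}

def capabilities(bits):
    """List the operations whose required access is fully covered by bits."""
    return [label for label, need in RULES if set(need) <= bits]

def audit(entries, uid, gids):
    """entries: iterable of (path, mode, owner_uid, owner_gid) tuples."""
    return {path: capabilities(effective_bits(mode, fu, fg, uid, gids))
            for path, mode, fu, fg in entries}

# Constructed sample data (hypothetical paths, owners and modes).
SAMPLE = [
    ("/home/alice/vmware/web01/web01.cfg", 0o754, 500, 600),
    ("/home/bob/vmware/db01/db01.cfg", 0o640, 501, 600),
]

if __name__ == "__main__":
    # Hypothetical operator: uid 502, member of group 600.
    for path, caps in audit(SAMPLE, uid=502, gids={600}).items():
        print(path, "->", caps or ["no access"])
```

On a live system the tuples would come from `os.stat()` on each registered configuration file; a file that is group- or world-writable gives every matching user the ability to reconfigure that virtual machine.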
If a vmware process is not running for the configuration file you are trying to use, vmware-authd examines /etc/vmware/vm-list, the file where you register your virtual machines. If the configuration file is listed in vm-list, vmware-authd (not necessarily the user who is currently authenticated) starts VMware ESX Server as owner of this configuration file.
Registered virtual machines (those listed in /etc/vmware/vm-list) also appear in the VMware Management Interface. The virtual machines listed on the Status Monitor must be listed in vm-list, and you must have read access to their configuration files.
The vmware-authd process exits as soon as a connection to a vmware process is established. Each vmware process shuts down automatically after the last user disconnects.
NOTE If you have users with list access, but not read access, they might encounter errors in the VMware Management Interface.