CHAPTER 4 Managing Virtual Machines and the VMware GSX Server Host
Authenticating Users and Running Virtual Machines on a GSX Server for Linux Host
GSX Server for Linux uses Pluggable Authentication Modules (PAM) for user
authentication in the VMware Virtual Machine Console and the VMware Management
Interface. The default installation of GSX Server uses standard Linux /etc/passwd
authentication, but can be configured to use LDAP, NIS, Kerberos or another
distributed authentication mechanism.
Every time you connect to the GSX Server host with the VMware Virtual Machine
Console or VMware Management Interface, the inetd or xinetd process runs an
instance of the VMware authentication daemon (vmware-authd). The
vmware-authd process requests a username and password, then hands them off to
PAM, which performs the authentication.
Once you are authenticated, the console starts or the management interface’s Status
Monitor page appears. What you can now do with the virtual machines is based on
your permissions. See Understanding Permissions and Virtual Machines on page 106.
The vmware-authd process starts a virtual machine process as the owner of the
configuration file, not as the user connecting to the virtual machine. However, the
user is still restricted by his or her permissions on the configuration file.
Note: Even if you have full permissions on a configuration file, you cannot
connect to the virtual machine with a VMware Virtual Machine Console or a VMware
Scripting API unless you also have execute permission on the directory in which the
configuration file resides and on all of its parent directories. Without that
permission, you also cannot see the virtual machine in the VMware Management
Interface or in the VMware Virtual Machine Console, and you cannot delete any files
in the virtual machine’s directory.
Note: Virtual machines and their resources (such as virtual disks, physical disks,
devices and snapshot files) should be located in areas accessible to their users.
If no vmware process is running for this configuration file, vmware-authd
checks whether the virtual machine is in the inventory. If it is, vmware-authd
switches to the identity of the configuration file's owner (not necessarily the
user who is currently authenticated) and starts the console with this
configuration file as an argument (for example,
vmware /<path_to_config>/<configfile>.vmx).
The vmware-authd process exits as soon as a connection is established to a
vmware process and at least one user has connected. Each vmware process shuts
down automatically after the last user disconnects.
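
The following is an added example, not VMware code: a small audit helper that applies the two rules above to one configuration file, reporting which account the virtual machine process would run as (the file's owner) and which directories on the path deny the connecting user execute permission. The function names are hypothetical; the check uses classic owner/group/other mode bits only (no ACLs, no root override) and must be run by an account that can stat the whole path.

```python
import os
import sys


def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) that apply to uid/gids for a stat result."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7   # owner class
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7   # group class
    return st.st_mode & 7              # other class


def check_vm_access(config_path, uid, gids):
    """Report how a connecting user relates to one .vmx configuration file."""
    config_path = os.path.realpath(config_path)
    blocked = []
    parent = os.path.dirname(config_path)
    # Walk from the config file's directory up to /, collecting every
    # directory on which the user lacks execute (search) permission.
    while True:
        if not class_bits(os.stat(parent), uid, gids) & 1:
            blocked.append(parent)
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    st = os.stat(config_path)
    bits = class_bits(st, uid, gids)
    perms = "".join(
        ch if bits & mask else "-" for ch, mask in (("r", 4), ("w", 2), ("x", 1))
    )
    return {
        "runs_as_uid": st.st_uid,   # the VM process runs as the file's owner
        "blocked_dirs": blocked,    # non-empty: the user cannot see or connect
        "config_perms": perms,      # the user's own bits on the config file
    }


if __name__ == "__main__":
    # With no argument, audit this script's own path for the current user
    # so the example runs without a GSX Server host.
    target = sys.argv[1] if len(sys.argv) > 1 else __file__
    print(check_vm_access(target, os.getuid(), set(os.getgroups())))
```

A non-empty blocked_dirs list for a user who has rights on the configuration file points to the directory-permission case described in the first note.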