Installation guide
www.vmware.com
208
VMware ESX Server Administration Guide
• The user must have read access to the configuration file to use the local console
on the service console or to connect to the virtual machine with the VMware
Perl API.
• The user must have read and execute access to the configuration file to
connect to and control (start, stop, reset or suspend) a virtual machine in a
remote console, with the VMware Perl API or with the management interface.
• The user must have read and write access to the configuration file to change
the configuration using the Configure VM page in the management interface.
Note: If you have users with list access, but not read access, they may encounter
errors in the VMware Management Interface.
If a vmware process is not running for the configuration file you are trying to use,
vmware-authd examines /etc/vmware/vm-list, the file where you register
your virtual machines. If the configuration file is listed in vm-list, vmware-authd
(not necessarily the user who is currently authenticated) starts VMware ESX Server as
owner of this configuration file.
Registered virtual machines (those listed in /etc/vmware/vm-list) also appear
in the VMware Management Interface. The virtual machines you see on the Status
Monitor page must be listed in vm-list, and you must have read access to their
configuration files.
The vmware-authd process exits as soon as a connection to a vmware process is
established. Each vmware process shuts down automatically after the last user
disconnects.
Using Your Own Security Certificates when Securing Your Remote Sessions
The username, password and network packets sent to ESX Server over a network
connection when using the VMware Remote Console or the VMware Management
Interface are encrypted in ESX Server by default when you choose Medium or High
security settings for the server.
With SSL enabled, security certificates are created by ESX Server and stored on the
server. However, the certificates used to secure your management interface sessions
are not signed by a trusted certificate authority; therefore they do not provide
authentication. If you intend to use encrypted remote connections externally, you
should consider purchasing a certificate from a trusted certificate authority.
If you prefer, you can use your own security certificate for your SSL connections.
The VMware Management Interface certificate must be placed in /etc/vmware-
mui/ssl. The management interface certificate consists of 2 files: the certificate