OpenPegasus WBEM Services for Linux
Go to file
2012-02-06 16:38:03 +01:00
.gitignore Update to upstream version 2.11.1 2011-09-27 09:49:58 +02:00
access.conf port from RHEL-4; upgrade to 2.5 2005-10-03 17:56:03 +00:00
genOpenPegasusSSLCerts v2.5.1 genSSLCerts 2006-04-11 19:49:22 +00:00
genSSLcerts port from RHEL-4; upgrade to 2.5 2005-10-03 17:56:03 +00:00
pegasus_arch_alternatives Add cimsub to the pegasus_arch_alternatives script 2010-01-21 16:21:30 +00:00
pegasus_rpm_build_env.sh upgrade to 2.5.1 2006-04-07 02:56:48 +00:00
pegasus-2.5.1-pam-wbem.patch - Use password-auth common PAM configuration instead of system-auth 2009-09-16 18:59:02 +00:00
pegasus-2.5.1-warnings.patch fix bug 190432; fix upstream bugs 4955 4956 4968 4978 4983 4984 4986 5017 2006-05-03 00:13:59 +00:00
pegasus-2.6.0-cimuser.patch changed %build section 2007-03-21 10:13:24 +00:00
pegasus-2.7.0-no_snmp_tests.patch remove snmp test from test rpm 2008-01-21 14:51:46 +00:00
pegasus-2.7.0-PIE.patch Update to upstream version 2.11.0 2011-05-19 15:50:06 +02:00
pegasus-2.9.0-cmpi-provider-lib.patch Update to upstream version 2.11.0 2011-05-19 15:50:06 +02:00
pegasus-2.9.0-fix_tests.patch update to 2.9.0 2009-06-16 12:09:03 +00:00
pegasus-2.9.0-initscript.patch Fix initscript 2009-09-23 13:36:42 +00:00
pegasus-2.9.0-local-or-remote-auth.patch Update to upstream version 2.11.0 2011-05-19 15:50:06 +02:00
pegasus-2.9.0-no-rpath.patch update to 2.9.0 2009-06-16 12:09:03 +00:00
pegasus-2.9.0-redhat-config.patch Update to upstream version 2.11.0 2011-05-19 15:50:06 +02:00
pegasus-2.9.0-sparc.patch update to 2.9.0 2009-06-16 12:09:03 +00:00
pegasus-2.9.1-getpagesize.patch Update to upstream version 2.9.2, Cleanup the spec file, use upstream Makefile 2010-11-03 15:15:38 +01:00
pegasus-2.9.1-makefile-initscript.patch Update to upstream version 2.10.1, minor issues cleaning 2011-02-16 13:31:36 +01:00
pegasus-2.10.0-dont-strip.patch Add -g flag for compiler 2011-04-05 09:53:02 +02:00
pegasus-2.10.0-sparc-posix-lock.patch use posix locks on sparc arches 2011-03-30 17:50:51 -05:00
pegasus-2.11.1-disable-privilege-separation.patch Add explicit file attributes where RPM requires it, Disable privilege separation feature 2011-09-27 12:19:37 +02:00
README.RedHat.Security port from RHEL-4; upgrade to 2.5 2005-10-03 17:56:03 +00:00
README.RedHat.SSL update to 2.9.0 2009-06-16 12:09:03 +00:00
RedHat.OpenPegasus.Makefile update to 2.9.0 2009-06-16 12:09:03 +00:00
rpm_build_env enable CMPI for sblim-cmpi-base Extras packages 2005-11-10 00:47:44 +00:00
sources Update to upstream version 2.11.1 2011-09-27 09:49:58 +02:00
tog-pegasus.spec Add missing useradd/groupadd dependency to tog-pegasus-libs 2012-02-06 16:38:03 +01:00
tog-pegasus.tmpfiles Use %%ghost for /var/run/tog-pegasus 2011-03-22 13:00:11 +01:00

              Red Hat SSL configuration for tog-pegasus
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   The Red Hat tog-pegasus package is built with support for SSL
   (the Secure Socket Layer).
   Note: the upstream documentation for SSL is located here:
   /usr/share/doc/tog-pegasus-%{version}/PegasusSSLGuidelines.htm
   However, because the upstream documentation for SSL is not up-to-date
   (it was last updated in March, 2006, around the time of the
   OpenPegasus-2.5.1 release), nor accurate, we are providing this short
   description of how to configure SSL, as well as how it should be used.

 Hard-Coded Build-Time Constants:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Here is the list of constants which are hard-coded during build time:

   PEGASUS_CONFIG_DIR = /etc/Pegasus

   PEGASUS_PEM_DIR = $(PEGASUS_CONFIG_DIR)
                  (= /etc/Pegasus)

   PEGASUS_SSL_KEY_FILE = file.pem
   PEGASUS_SSL_KEY_FILE_PATH = $(PEGASUS_PEM_DIR)/$(PEGASUS_SSL_KEY_FILE)
                  (= /etc/Pegasus/file.pem)
   o Contains the private key for the CIM Server SSL Certificate.

   PEGASUS_SSL_CERT_FILE = server.pem
   PEGASUS_SSL_CERT_FILE_PATH = $(PEGASUS_PEM_DIR)/$(PEGASUS_SSL_CERT_FILE)
                             (= /etc/Pegasus/server.pem)
   o Contains the CIM Server SSL Certificate.

   PEGASUS_SSL_TRUSTSTORE = client.pem
   PEGASUS_SSL_CLIENT_TRUSTSTORE = $(PEGASUS_PEM_DIR)/$(PEGASUS_SSL_TRUSTSTORE)
                                (= /etc/Pegasus/client.pem)
   PEGASUS_SSL_SERVER_TRUSTSTORE = $(PEGASUS_PEM_DIR)/cimserver_trust
                                (= /etc/Pegasus/cimserver_trust)
   o Specifies the location of the OpenSSL truststore. Consistent with the
     OpenSSL implementation, a truststore can be either a file or directory.
     If the truststore is a directory, then all certificates within the
     directory are considered trusted.

   PEGASUS_SSL_SERVER_CRL = $(PEGASUS_PEM_DIR)/crl
                         (= /etc/Pegasus/crl)
   o This is where the CRL (Certificate Revocation List) store resides.

 Tips Following Package Installation:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   o CIM Server default SSL certificates are generated when you run the
     tog-pegasus daemon (for example, by issuing the command
     "service tog-pegasus start") for the first time, which includes the
     following files, which are created in /etc/Pegasus: client.pem, file.pem,
     server.pem and ssl.cnf.
     Important: simply running the "cimserver" binary (/usr/sbin/cimserver)
     does NOT create the certificates or abovementioned files.
     Note: if you want to use your own certificates, simply overwrite the ones
     in /etc/Pegasus.

   o to enable/disable HTTPS port 5989 (the official WBEM secure port),
     use cimconfig.

   o the wbemcli command (from the sblim-wbemcli package)
     uses /etc/Pegasus/client.pem by default (see man wbemcli).