Securing Pegasus

 

You can find out the options that are available for ensuring that the CIM server is secure in this topic. One of the most significant concerns for a Pegasus administrator is how to configure security. This is particularly true for i5/OS^® because of i5/OS platform security requirements, significant functions were added to the open source implementation. In Pegasus, there are two types of security checks, authentication and authorization.

• Authentication
  Pegasus uses an authentication process to determine which users can log into the CIMOM. Unless the enableAuthentication property of the cimconfig command is set to false, authentication is performed for every connection, before users can access the CIM data.

• Enabling Kerberos
  Pegasus on iSeries™ supports both Kerberos and Enterprise Identity Mapping (EIM). To enable Kerberos, use the cimconfig commands to set the httpAuthType configuration option to Kerberos (this is the default value).

• Authorizing Pegasus
  A type of security check that is required for Pegasus on i5/OS is verifying that users have access to the objects they are trying to change. This process is called authorization.

 

Parent topic:

Common Information Model

Related concepts
Enterprise Identity Mapping (EIM) cimconfig usage information Network authentication service Host name resolutions considerations