Authentication on CIMOM

When a user request arrives over HTTP or HTTPS, CIMOM determines whether it comes from a legitimate user on the system. If the request fails authentication, it is rejected. If you set the enableAuthentication property to false, the CIMOM authentication function is disabled.

Local users are users on a system who are sending requests to CIMOM on the same system. Remote users are users on a system who are sending requests to CIMOM on another system. By default, CIMOM uses Secure Sockets Layer (SSL) for all remote communications, with client-side and server-side certificates that are trusted by the management applications.

Local user authentication

For local users, CIMOM uses a local authentication mechanism. CIMOM accepts the authentication that is already done by the system itself so that local requests include only the users’ login names without their passwords. HTTP authentication is still used, but because the user is already logged in, no password is needed.

Remote user authentication

Remote users are authenticated by HTTP basic authentication or HTTPS SSL peer certificate authentication. Configuration settings for the following properties determine which mechanisms are used:
  • enableAuthentication
  • enableHttpConnection
  • enableHttpsConnection
  • sslClientVerificationMode

For the descriptions and default values of these properties, see the information about basic and advanced startup properties.
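The following added example (not IBM code) shows one way to review these four properties together, since the remote authentication that is actually in effect depends on their combination. It assumes the settings have been exported as name=value lines; the function names are hypothetical, the sample settings are constructed, and the sslClientVerificationMode values disabled and required are taken from OpenPegasus rather than from this page.

```python
"""Audit CIMOM authentication properties (added example, not IBM code)."""

PROPS = ("enableAuthentication", "enableHttpConnection",
         "enableHttpsConnection", "sslClientVerificationMode")

def parse_props(text):
    """Return {name: value} for the four properties in name=value text."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name in PROPS:
            found[name] = value.lower()
    return found

def audit(text):
    """Return findings; an empty list means nothing was flagged."""
    p = parse_props(text)
    # No default is assumed for a missing property: it is reported instead.
    findings = [f"{n}: not set in input, check the effective default"
                for n in PROPS if n not in p]
    if p.get("enableAuthentication") == "false":
        findings.append("enableAuthentication=false: "
                        "CIMOM authentication is disabled")
    if p.get("enableHttpConnection") == "true":
        findings.append("enableHttpConnection=true: HTTP basic "
                        "authentication over plain HTTP is not encrypted")
    if p.get("enableHttpsConnection") == "false":
        findings.append("enableHttpsConnection=false: SSL peer "
                        "certificate authentication is unavailable")
    # Value semantics assumed from OpenPegasus: no client certificate asked.
    if (p.get("enableHttpsConnection") == "true"
            and p.get("sslClientVerificationMode") == "disabled"):
        findings.append("sslClientVerificationMode=disabled: HTTPS "
                        "clients are not asked for a certificate")
    return findings

# Constructed sample settings, not taken from a real system.
WEAK = """enableAuthentication=false
enableHttpConnection=true
enableHttpsConnection=true
sslClientVerificationMode=disabled"""
HARDENED = """enableAuthentication=true
enableHttpConnection=false
enableHttpsConnection=true
sslClientVerificationMode=required"""

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample) or "no findings")
```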