We have a need for sfcb to support arbitrary WBEM clients connecting to sfcb on localhost without passing credentials (username/password).
There are a couple of ways to do this. OpenWBEM and Pegasus both support a file-based authentication scheme to identify a local user. A secret is placed in a temporary file by the cimserver, and the cimserver chowns/chmods the file so that only the client user can read it. If the client can return the secret, the client is who she claims to be.
Another approach is to communicate over a unix domain socket, and use the peer credential feature of unix domain sockets. Attached is a patch that takes this approach.
The patch enables the HTTP Adapter to listen on multiple ports, or rather, one port and one unix socket.
We might want to take this patch further, and have a single HTTP Adapter listen on the HTTP port, the HTTPS port, and the unix socket. It wasn't clear to me why there are separate daemons for HTTP and HTTPS -- it is the same code, just started with different options. It wouldn't take much effort to have a single HTTP Adapter daemon servicing the HTTP port, HTTPS port, and HTTP over the unix socket.
Proposed patch.
Logged In: YES
user_id=1550470
Originator: NO
Committed to HEAD, but set enableUds to false by default.
Logged In: YES
user_id=1312539
Originator: NO
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 60 days (the time period specified by
the administrator of this Tracker).