Certificate sharing, Ssh keys, Passwords – HP Systems Insight Manager User Manual
0 — Disable
• Proxy settings:
The proxy host and port can be configured using the properties below. The proxy settings can
be cleared if both of these properties are removed or set to empty in the
globalsettings.properties file.
Property name: PROXYHOST
Property name: PROXYPORT
Certificate sharing
HP SIM supports a mechanism whereby other components installed on the system can use the same
certificate and private key, facilitating authentication of the system as a whole instead of each
individual component. This is currently used by the Web Agents and the WBEM components on
the CMS.
SSH keys
An SSH key-pair is generated during initial configuration. The CMS public key is copied to the
managed system using the mxagentconfig tool. This key-pair is not the same as for SSL and requires
a manual process to regenerate a new pair. See the manpages or online documentation for
mxagentconfig for more details. See the Secure Shell (SSH) in HP SIM white paper located at
.
The SSH keys of the trusted systems do not expire. These keys can be removed manually from the
trust store.
Passwords
Passwords configured on the HP SIM System Credentials and Global Credentials pages are stored
in the database encrypted using 128-bit Blowfish. These passwords can be further managed using
the CLI command mxnodesecurity. A few passwords might be stored in a file on the CMS; these
are also encrypted using the same 128-bit Blowfish key. These passwords can be managed using
the mxpassword command. The password file and the Blowfish key file are restricted with operating
system file permissions to administrators or root.
Prior to HP SIM 5.3, passwords configured on the HP SIM protocol settings pages are stored in a
local file on the CMS, restricted with operating system file permissions to administrators or root.
These passwords can be further managed using the mxnodesecurity command.
For user accounts, HP SIM relies on the customer environment (for example, the Windows operating
system) to govern credential policy (expiration, lockout, and so on).
Browser
SSL
All communication between the browser and the CMS or any managed server occurs using HTTPS
over SSL. Any navigation using HTTP (not using SSL) is automatically redirected to HTTPS.
Cookies
Although cookies are required to maintain a logged-in session, only a session identifier is maintained
in the cookie. No confidential information is in the cookie. The cookie is marked as secure, so it
is only transmitted over SSL.
A strict separation between the content provided by unrelated sites must be maintained on the
client side to prevent the loss of data confidentiality or integrity. HP recommends that you avoid
links or resources that have arrived from unauthorized sites while a valid HP SIM session is
running in the browser.
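The following check is an added example, not part of the HP manual or of HP SIM. It audits captured response headers against the two behaviours described above: plain HTTP is redirected to HTTPS, and every cookie carries the Secure attribute and holds only a session identifier. The host name, the cookie names, and the "opaque token" pattern are assumptions made for illustration.

```python
import re
from http.cookies import SimpleCookie, CookieError
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
# Assumption: a session identifier is one opaque token of 16+ URL-safe characters.
OPAQUE_ID = re.compile(r"[A-Za-z0-9_-]{16,}")

def header_values(headers, name):
    """Collect all values of a header from a list of (name, value) pairs."""
    return [v for k, v in headers if k.lower() == name.lower()]

def audit_response(scheme, status, headers):
    """Return findings for one response fetched over `scheme` ('http' or 'https')."""
    findings = []
    cookies = header_values(headers, "Set-Cookie")
    if scheme == "http":
        location = header_values(headers, "Location")
        target = urlsplit(location[0]).scheme if location else ""
        if status not in REDIRECTS or target != "https":
            findings.append("plain HTTP request not redirected to HTTPS")
        if cookies:
            findings.append("cookie set on a plain HTTP response")
    for raw in cookies:
        jar = SimpleCookie()
        try:
            jar.load(raw)
        except CookieError:
            jar.clear()
        if not jar:  # the parser rejects or silently drops malformed input
            findings.append(f"unparseable Set-Cookie: {raw!r}")
            continue
        for name, morsel in jar.items():
            if not morsel["secure"]:
                findings.append(f"cookie {name} lacks Secure")
            if not OPAQUE_ID.fullmatch(morsel.value):
                findings.append(f"cookie {name} is not an opaque session identifier")
    return findings

# Constructed sample responses (not captured from a real CMS).
SESSION = "SESSIONID=9f2c4e7a1b3d5f60718293a4b5c6d7e8; Path=/"
GOOD_HTTP = (301, [("Location", "https://cms.example.test/")])
GOOD_HTTPS = (200, [("Set-Cookie", SESSION + "; Secure")])
BAD_HTTPS = (200, [("Set-Cookie", SESSION), ("Set-Cookie", "user=admin; Secure")])

if __name__ == "__main__":
    for scheme, (status, hdrs) in (("http", GOOD_HTTP), ("https", GOOD_HTTPS), ("https", BAD_HTTPS)):
        print(scheme, status, audit_response(scheme, status, hdrs) or "ok")
```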
102 Understanding HP SIM security