If a Client (User) Cannot Be Authenticated by the CIM Object Manager on the WBEM Server (Solaris WBEM Services Administration Guide)

Solaris WBEM Services Administration Guide

If a Client (User) Cannot Be Authenticated by the CIM Object Manager on the WBEM Server

If a client cannot be successfully authenticated by the CIM Object Manager on the WBEM server, the WBEM server returns a CIM security exception when it attempts to establish the CIM client handle in the client application. The exception contains an error code that indicates why the authentication attempt failed.

Error	Probable Cause	Solution
`NO_SUCH_PRINCIPAL`	Specified user identity was not valid in the Solaris operating environment on the WBEM server, or the user account for that user identity either has no password or is locked.	Check that the user has a valid user identity, that is, the user can log in to the Solaris operating environment on the WBEM server machine. The Solaris system that is set up as the WBEM server might be using user identities from a name service configured on the server, so you might need to check the name service tables.
`INVALID_CREDENTIAL`	Password for the specified user (or role, if assuming a role identity) is not valid for that user in the Solaris operating environment on the WBEM server.	Check that the user's password is correct.
`NO_SUCH_ROLE`	Role identity that is assumed in the authentication to the WBEM server is not a valid RBAC role in the Solaris operating environment on the WBEM server.	The role identity might be a valid entry in the `passwd` table on the server, but you will not be able to log in to the server under that identity (Solaris does not allow you to log in directly to role identities). So, you must check the `passwd` table for the role identity, and check the `user_attr` table to ensure that the role is defined as a role type of user. Role identities in the `user_attr` table each contain an attribute in the syntax `type=role`. You can also check for a valid user or valid role identity by using the Solaris Management Console User tool. You can use User Management to check for a user, and you can use Role Management to check for a role. However, when using the User tool, you must know the correct source of the tables on the CIM Object Manager server. In other words, if the CIM Object Manager server is using a name service such as NIS, you must access the master server for that name service.
`CANNOT_ASSUME_ROLE`	Role identity is valid, but the specified user identity in the authentication exchange is not configured to assume that role.	Explicitly assign users to roles by using the Administrative Role tool in the Solaris Management Console User tool collection, which is described in “Changing Role Properties” in System Administration Guide: Security Services.