If a Client (User) Cannot Be Authenticated by the CIMOM on the WBEM Server
If a client cannot be successfully authenticated by the CIMOM on the WBEM server, the WBEM server returns a CIM security exception. This exception is returned when the server attempts to establish the CIM client handle in the client application. The exception contains an error code that indicates why the authentication attempt failed.
If the WBEM server cannot verify the user identity and credential and the user's identity is invalid, the WBEM server returns a CIM security exception. This exception includes the NO_SUCH_PRINCIPAL error. If the WBEM server cannot verify the user's identity and credential and the user's password is invalid for that user's identity, the WBEM server returns a CIM security exception. This exception includes the INVALID_CREDENTIAL error.
If the WBEM server cannot verify the Solaris OS role identity, the WBEM server returns a CIM security exception that includes the NO_SUCH_ROLE error.
If the role password is invalid for the specified role identity, the WBEM server returns the INVALID_CREDENTIAL error in the CIM security exception.
If both the role identity and role password are valid but the user is not allowed to assume the role, the WBEM server returns the CANNOT_ASSUME_ROLE error in the CIM security exception.
These CIM security exceptions are described in more detail in the following table.
|
Error |
Probable Cause |
Solution |
|---|---|---|
|
NO_SUCH_PRINCIPAL |
Specified user identity was not valid in the Solaris OS on the WBEM server. The user account for that user identity has no password. The user account for that user identity is locked. |
Check that the user has a valid user identity. In other words, ensure that the user can log in to the Solaris OS on the WBEM server machine. You might also need to check the name service tables. This check is to determine whether the Solaris WBEM server might be using user identities from a name service configured on the server. |
|
INVALID_CREDENTIAL |
Password for the specified user, or assumed role, is not valid for that user in the Solaris OS on the WBEM server. |
Check that the user's password is correct. |
|
NO_SUCH_ROLE |
Role identity that is used for authentication to the WBEM server is not a valid RBAC role in the Solaris OS on that server. |
The role identity might be valid in the passwd table on the server, but you cannot log into the server using that identity. The Solaris software does not allow you to log in directly to role identities. You must check the passwd table for the role identity, and check theuser_attrtable to ensure that the role is defined as type user. Role identities in the user_attr table contain an attribute in the syntax type=role. You can also check for a valid user or valid role identity by using the Solaris Management Console User tool. You can use User Management to check for a user, and you can use Role Management to check for a role. However, when using the User tool, you must know the correct source of the tables on the CIMOM server. In other words, if the CIMOM server is using a name service such as NIS, you must access the master server for that name service. |
|
CANNOT_ASSUME_ROLE |
Role identity is valid, but the specified user identity in the authentication exchange is not configured to assume that role. |
Assign users to roles by using the Administrative Role tool in the Solaris Management Console User tool collection, which is described in How to Change the Properties of a Role in System Administration Guide: Security Services. |
- © 2010, Oracle Corporation and/or its affiliates