External programs can use the Extensible Messaging and Presence Protocol (XMPP – RFC 3920) to communicate with the Logical Domains Manager. XMPP is supported for both local and remote connections and is on by default. The XML interface supports only version 1.2 of the Transport Layer Security (TLS) protocol.
To disable a remote connection, set the ldmd/xmpp_enabled SMF property to false and restart the Logical Domains Manager.
# svccfg -s ldom/ldmd setprop ldmd/xmpp_enabled=false # svcadm refresh ldmd # svcadm restart ldmd
The Logical Domains Manager implements an XMPP server which can communicate with numerous available XMPP client applications and libraries. The Logical Domains Manager uses the following security mechanisms:
Transport Layer Security to secure the communication channel between the client and itself.
Simple Authentication and Security Layer (SASL) for authentication. PLAIN is the only SASL mechanism supported. You must send in a user name and password to the server so it can authorize you before allowing monitoring or management operations.
The Logical Domains Manager detects whether user clients are running on the same domain as itself and, if so, does a minimal XMPP handshake with that client. Specifically, the SASL authentication step after the setup of a secure channel through TLS is skipped. Authentication and authorization are done based on the credentials of the process implementing the client interface.
Clients can choose to implement a full XMPP client or to simply run a streaming XML parser, such as the libxml2 Simple API for XML (SAX) parser. Either way, the client has to handle an XMPP handshake to the point of TLS negotiation. Refer to the XMPP specification for the sequence needed.