2.2.4.34 ServiceAuthType

ServiceAuthType MUST be used to configure the authentication mechanisms that are enabled or disabled on the Web Services Management Protocol Extensions for Windows Vista service.

The Web Services Management Protocol Extensions for Windows Vista service MUST implement the following security profiles:

  • wsman:secprofile/http/basic, as specified in [DMTF-DSP0226] Annex C.3.1.

  • wsman:secprofile/https/basic, as specified in [DMTF-DSP0226] Annex C.3.3.

  • wsman:secprofile/https/mutual, as specified in [DMTF-DSP0226] Annex C.3.5.

  • wsman:secprofile/https/spnego-kerberos, as specified in [DMTF-DSP0226] Annex C.3.8.

  • wsman:secprofile/http/spnego-kerberos, as specified in [DMTF-DSP0226] Annex C.3.10.

     <xs:schema xmlns:cfg="http://schemas.microsoft.com/wbem/wsman/1/config"
      xmlns:xs="http://www.w3.org/2001/XMLSchema"
      targetNamespace="http://schemas.microsoft.com/wbem/wsman/1/config"
      elementFormDefault="qualified">
       <xs:complexType name="ServiceAuthType">
         <xs:sequence>
           <xs:element name="Basic" type="xs:boolean" default="false"/>
           <xs:element name="Kerberos" type="xs:boolean" default="true"/>
           <xs:element name="Negotiate" type="xs:boolean" default="true"/>
           <xs:element name="Certificate" type="xs:boolean" default="false"/>
           <xs:element name="CredSSP" minOccurs="0" type="xs:boolean" default="false"/>
           <xs:element name="CbtHardeningLevel" minOccurs="0" type="xs:string" default="Relaxed"/>
         </xs:sequence>
       </xs:complexType>
     </xs:schema>
    

Elements

Basic: Enables or disables Basic authentication using the security profiles wsman:secprofile/http/basic or wsman:secprofile/https/basic. The default value of this element is FALSE.

Kerberos: Enables or disables Kerberos authentication using the security profiles wsman:secprofile/http/spnego-kerberos or wsman:secprofile/https/spnego-kerberos. The default value of this element is TRUE.

Negotiate: Enables or disables Negotiate authentication using the security profiles wsman:secprofile/http/spnego-kerberos or wsman:secprofile/https/spnego-kerberos. The default value of this element is TRUE.

Certificate: Enables or disables Certificate authentication using the security profile wsman:secprofile/https/mutual. The default value of this element is FALSE.

CredSSP: Enables or disables CredSSP authentication using the CredSSP security profile, as specified in section 3.1.4.1.28. The default value of this element is FALSE.

CbtHardeningLevel: Sets the policy regarding the requirement of channel-binding tokens in authentication requests, as specified in [RFC2743], section 1.1.6. It may be one of three possible values:

  • Strict: If a channel-binding token is provided by the client, the service SHOULD use that information when authenticating the user, and the service MUST process the request. If a channel-binding token is not provided, the service SHOULD NOT process the request and SHOULD return a failure.

  • Relaxed: If a channel-binding token is provided by the client, the service SHOULD use that information when authenticating the user. Whether or not a channel-binding token is provided, the service MUST process the request.

  • None: The service SHOULD ignore any channel-binding token provided by the client, and the service MUST process the request.

The value of this element is relevant only when the connection is over HTTPS. When the connection is over HTTP, the service MUST ignore any channel-binding token provided by the client, and the service MUST process the request.

The default value of this element is Relaxed.

These configuration settings are used when processing messages as specified in section 3.1.4.1.29.2.
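
The following Python sketch is an added example, not part of the specification or of any Microsoft implementation. It resolves the effective settings of a ServiceAuthType instance using the defaults listed above, and encodes the CbtHardeningLevel rules, including the HTTP case, as a decision function. The root element name `Auth`, the function names, and the treatment of absent or empty elements as their documented default are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/wbem/wsman/1/config"
# Defaults as stated in the ServiceAuthType schema above.
DEFAULTS = {"Basic": False, "Kerberos": True, "Negotiate": True,
            "Certificate": False, "CredSSP": False, "CbtHardeningLevel": "Relaxed"}
CBT_LEVELS = {"Strict", "Relaxed", "None"}

def parse_service_auth(xml_text):
    """Return effective settings; absent or empty elements take the default (assumption)."""
    root = ET.fromstring(xml_text)
    cfg = dict(DEFAULTS)
    for name, default in DEFAULTS.items():
        text = (root.findtext(f"{{{NS}}}{name}") or "").strip()
        if not text:
            continue
        if isinstance(default, bool):
            if text not in ("true", "false", "1", "0"):  # xs:boolean lexical forms
                raise ValueError(f"{name}: not an xs:boolean: {text!r}")
            cfg[name] = text in ("true", "1")
        else:
            if text not in CBT_LEVELS:
                raise ValueError(f"unknown CbtHardeningLevel: {text!r}")
            cfg[name] = text
    return cfg

def cbt_decision(level, https, token_present):
    """Return (process_request, use_token) following the SHOULD/MUST rules above."""
    if not https:              # over HTTP the token is ignored and the request processed
        return True, False
    if level == "Strict":      # no token: SHOULD NOT process, SHOULD return a failure
        return token_present, token_present
    if level == "Relaxed":     # token used when present; request processed either way
        return True, token_present
    if level == "None":        # token ignored; request processed
        return True, False
    raise ValueError(f"unknown CbtHardeningLevel: {level!r}")

# Constructed sample instance; the root element name "Auth" is an assumption.
SAMPLE = f"""<cfg:Auth xmlns:cfg="{NS}">
  <cfg:Basic>true</cfg:Basic>
  <cfg:Kerberos>true</cfg:Kerberos>
  <cfg:Negotiate>true</cfg:Negotiate>
  <cfg:Certificate>false</cfg:Certificate>
  <cfg:CbtHardeningLevel>Strict</cfg:CbtHardeningLevel>
</cfg:Auth>"""

if __name__ == "__main__":
    cfg = parse_service_auth(SAMPLE)
    print(cfg)
    for https in (True, False):
        for token in (True, False):
            print(https, token, cbt_decision(cfg["CbtHardeningLevel"], https, token))
```

The HTTP rows show that Strict gives no channel-binding protection on a plain-HTTP listener: the request is processed with or without a token.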