Authentication

[This is preliminary documentation and subject to change.]

Authentication is the process of ensuring that only valid users are allowed access to managed objects through CIMOM. Valid users include individual users as well as group users.

There are two parts to authentication:

User identification involves verifying the user name and password and is the responsibility of marshalers: DCOM, COM, or anonymous pipes. Marshalers have no knowledge of access rights; their only responsibility is to positively identify users.

Permission assignment involves granting access to valid users and is CIMOM's responsibility.

Depending on the operating system, WBEM supports varying levels of authentication. On Windows 95/98 platforms, all users are assumed to be authentic regardless of the user name and password. There is no local authentication; true authentication occurs only over remote connections.

Because Windows 95 and Windows 98 are not secure operating systems, the meaning of permissions is weaker on these systems than on other systems. Permissions on Windows 95 and Windows 98 systems indicate that certain users should not perform particular operations, but there is no mechanism to prevent a determined user from forcing an operation to occur.

On Windows NT systems, all users are authenticated by marshalers. After authentication, the user is still subject to permissions settings.