sfcbd - Small-Footprint CIM Broker (sfcb)
sfcb is a lightweight CIM daemon (aka CIMOM) that responds to CIM client requests for sys-
tem management data and/or performs system management tasks. sfcb supports most of the
standard CIM XML over http/https protocol. It is highly modular, allowing functionality
to be easily added, removed or customized for different management applications. sfcb is
specifically targetted for small embedded system that do not have the available CPU, mem-
ory or disk resources to support a full-blown enterprise-level CIMOM. That said, sfcb
runs very well on a regular Linux/Unix system and supports most of the functions required
by CIM clients to manage such the system. Supported CIM operations include:
CIM process and lifecycle indications (aka 'events') are also supported.
Supported command line options are:
Specify an alternative configuration file. Default=/etc/sfcb/sfcb.cfg
Run sfcbd (and child processes) in the background.
Print help message and exit.
-k, --color-trace Color the trace output of each process
Turn on runtime statistics collecting. If enabled then various sfcbd runtime sta-
tistics will be written to ./sfcbStat. Default is no statistics are collected.
Activate component-level tracing messages, where NUM is an OR-ed bitmask integer
defining which component to trace. Specifying "-t ?" will list all the components
and their associated integer bitmask.
Prints version information and exits.
sfcbd reads the configuration file /etc/sfcb/sfcb.cfg (or the file specified with the -c
option) at start up. The configuration file contains option : value pairs, one per line.
For a complete list of options, see the default configuration file included with the sfcb
Local port that sfcbd should listen to receive HTTP (i.e. insecure) requests from
CIM clients. Default=5988
Whether sfcb should accept HTTP client connections. Default=true.
Maximum number of simultaneous HTTP client connections before blocking new incoming
HTTP requests. Default=8
Local port that sfcbd should listen to receive HTTPS (i.e. secure) requests from
CIM clients. Default=5989
Whether sfcb should accept HTTPS client connections. Default=false.
Maximum number of simultaneous HTTPS client connections before blocking new incom-
ing HTTPS requests. Default=8
Whether sfcb should provide the interop namespace for indication support.
Maximum number of simultaneous provider processes. After this point if a new incom-
ing request requires loading a new provider, then one of the existing providers
will first be automatically unloaded. Default=32
Perform basic authentication on the client userid (obtained from the HTTP/HTTPS
header) before allowing the request. Default=false (i.e. no client authentication
Name of the local library to call to authenticate the client userid.
Tell sfcbd to use HTTP/HTTPS 'chunking' to return large volumes of response data to
the client in 'chunks', rather than buffering the data and sending it back all at
Specify the maximum time in seconds an sfcb HTTP process will wait between two
requests on one connection before terminating. Setting it to 0 will disable HTTP
Specify the maximum number of consecutive request on one connection. Setting it to
0 will effectively disable HTTP keep-alive. Default=10
Specify the registration directory, which contains the provider registration data,
the staging area and the static repository. Default=/var/lib/sfcb/registration
A space separated list of directories where sfcb is looking for provider libraries.
Default=/usr/lib /usr/lib/cmpi /usr/lib64 /usr/lib64/cmpi
The interval in seconds at which the provider manager is checking for idle
providers. Default: 30
The interval in seconds before an idle provider gets unloaded by the provider man-
ager. Default: 60
If set to true, all providers residing in the same shared library will be executed
in the same process unless another group has been specified in the provider regis-
tration file. Default: true
Specify the name of the file containing the server's certificate. The file must be
in PEM format. This file is only required if enableHttps is set to true. Default=
Specify the name of the file containing the private key for the server's certifi-
cate. The file must be in PEM format and may not be passphrase-protected. This file
is only required if enableHttps is set to true. Default=/etc/sfcb/file.pem
Specify the name of the file or directory containing either the CA certificate
issuing client certificates or self-signed certificates of the clients. This set-
ting is only required if sslClientCertificate is set to accept or require.
If a file, it must be in PEM format.
If a directory, it must be in "hash format": each file in the directory should be
named hash.0, where hash is the output of openssl x509 -hash. See the -CApath
option in verify(1) from the openssl package for more information about the hash
Specify the way sfcb handles client certificate based authentication. If set to
ignore it will not request a certificate from the client. If set to accept it will
request a certificate from the client but not fail if the client doesn't present
one. If set to require it will refuse the client connection if the client doesn't
present a certificate. Default=ignore
Name of the local library to call for client-certificate based user authentication.
Called only if sslClientCertificate is not set to ignore. Default=sfcCertificateAu-
Specify the trace level for sfcb. Can be overriden by setting environment variable
Specify the trace mask for sfcb. Can be overriden by the command line option
--trace-components. Default: 0.
Specify the trace file for sfcb. Can be overriden by setting environment variable
SFCB_TRACE_FILE. Default: stderr.
Specifies the name of the provider to pause after first being loaded to facilitate
attaching a runtime debugger to the provider's process for debugging purposes.
Specifies the name of the sfcb codec (currently only "http") to pause after first
being started to facilitate attaching a runtime debugger to the process.
Specifies the level of trace/debug messages for sfcb. Valid values are 0 (no trace
messages), or 1 (key trace messages only) to 4 (all messages). A default value of 1
will be assumed, if this variable is not set.
[Note: SFCB_TRACE level is used in conjunction with sfcb's component-level tracing
to control the level of detail of trace messages to display within each component]
By default sfcb trace messages are written to STDERR. Setting this envorinment
variable causes the trace messages to be written to a file instead.
If set this environment variable enables trap interrupts on x86 platforms to be
generated by sfcb in special situations.
[Note: not currently ever used]
Specifies the level of trace/debug messages for SBLIM providers. Valid values are
0 (no trace messages), or 1 (key trace messages only) to 4 (all messages).
[Note: this only applies to SBLIM providers written with explicit trace messages in
their source code.]
By default SBLIM provider trace messages are written to STDERR. Setting this
envorinment variable causes the trace messages to be written to a file instead.
Default sfcb configuration file.
SSL server certificate for sfcb.
SSL private key file for sfcb.
SSL client certificate / trust store for sfcb.
Binaries for sfcb runtime libraries.
Binaries for providers.
Adrian Schuur <firstname.lastname@example.org>
Dr. Gareth S. Bestor <email@example.com>,
Viktor Mihajlovski <MIHAJLOV@de.ibm.com>,
Chris Buccella <firstname.lastname@example.org>
The SBLIM project maintains a mailing list to which you should direct all questions
regarding sfcb, sfcc, wbemcli, or any of the SBLIM providers. To subscribe to this mail-
ing list visit
The SBLIM Project Bug tracking page can be found at
(C) Copyright IBM Corp. 2004, 2005, 2009
The Small-Footprint CIM Broker (sfcb) is a part of the SBLIM project. The most recent
version is available on the web at
sfcbmof(1), sfcbstage(1), sfcbunstage(1), sfcbrebos(1), genSslCert.sh(1), getSchema.sh(1),
sfcb Version 1.3.16 June 2009 sfcbd(1)