Common credentials and domain search


The asterisk (*) character refers to a common set of credentials--user name, password, and invocation mechanism--that are used to access host systems in a particular domain. BMC recommends that every domain contain a host entry with a common set of credentials denoted by the asterisk character.

The Credentials Store module uses the asterisk as a default credentials match when the domain search cannot find a matching specified hostname in the domain. Do not remove the default asterisk entry from any domain. If the default credentials marked by the asterisk were not available, then the workflow would continue to try to log on to the specified host system but would fail because the workflow would not find a match in the domain.

Note

You must make separate host entries for specific host systems in the domain that have unique names and user name/password combinations.

The domain search works differently based on how the host name is specified. For example, if the host name is a fully qualified domain name, the search looks in the domain category with the corresponding domain name. If it finds a host name match, it uses the selected host name's definition. If the search does not find a matching host name, then it selects the credentials of the host name designated by the asterisk in the domain category.

If the host is designated by a host name only, then the search looks in the default domain category. If it finds a matching host name, then it uses the selected host name's definition. If the search does not find a matching host name, then it selects the credentials of the host name designated by the asterisk in the default domain category.

If the host is designated by an IP address, then the search also looks in the default domain category. If it finds a matching IP address, then it uses the specified IP address's definition. If the search does not find a matching IP address, then it selects the credentials of the hostname designated by the asterisk in the default domain category.

If the host name is a fully qualified domain name but the domain is not defined in the Credentials Store module, then the search tries to match the host name in the default domain category. If it does not find a match, then it selects the credentials of the host name designated by the asterisk.

Tip

When testing the connections to hosts defined under specific domains in the Datacenter, if the target host does not reply with the fully qualified domain name, then you must remove the host and its credentials from the specified domain and place it in the default domain instead.

IP address for the host node under the default domain

The IP_Address field is an optional configuration item that you can specify under a host node entry of the default domain group. (The default domain group contains host node entries that do not have associated domain names.) The IP_Address value is valid only for host node entries in which the Hostname value is well defined, not for entries in which it is an asterisk (*).

Hostname is used as a lookup value. In a default domain group where the host node entry has both a well-defined Hostname value and an IP_Address value, the IP_Address value is sent as the return value in the connection details. In the context of the default domain group, in which host node entries do not have specified domain names, the IP_Address value provides more certainty to the adapter connection.

In the following example, the Hostname field with the value pun-esx-mgc13 is also identified by the IP_Address field with the value 132.255.30.44 under host node 2 of the default domain.
[Image: hostName_ipaddress.gif]

If the host system cannot be identified by the hostname pun-esx-mgc13, then the specified IP address 132.255.30.44 is used.

Warning

Do not include an IP address entry under a host node where the host name value is specified by the asterisk.

When you include an IP address entry under a host node, the connection details that are generated for the host entry return the IP address value for the host name element. The following XML example shows the IP address value (highlighted in bold text) in the <hostname> element of the connection details:

<connection-details>
  <password>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <CipherData>
        <CipherValue>/K73ki3frPoZFLdeBWVLBQ==</CipherValue>
      </CipherData>
    </EncryptedData>
  </password>
  <username>esxuser</username>
  <hostname>132.255.30.44</hostname>
  <invocation-mechanism>ssh</invocation-mechanism>
  <timeout>125</timeout>
  <adapter-name>SSHAdapter</adapter-name>
</connection-details>
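
The lookup order described in this topic, together with the IP_Address substitution for the default domain, modelled as an added Python example (not BMC code) that also lists which hosts would fall through to a domain's shared asterisk credentials. Assumptions: the dictionary layout, the "(default)" label, entries keyed by the host designator exactly as given, the domain taken as everything after the first dot, and every sample host and user except pun-esx-mgc13, esxuser and 132.255.30.44 are constructed for illustration.

```python
import ipaddress

DEFAULT = "(default)"  # assumed label for the default domain category

# Constructed sample store: domain category -> {Hostname: entry}.
STORE = {
    DEFAULT: {
        "*": {"username": "defaultuser", "mechanism": "ssh"},
        "pun-esx-mgc13": {"username": "esxuser", "mechanism": "ssh",
                          "ip_address": "132.255.30.44"},
        "192.0.2.10": {"username": "netuser", "mechanism": "ssh"},
    },
    "corp.example": {
        "*": {"username": "corpdefault", "mechanism": "ssh"},
        "db01.corp.example": {"username": "dbadmin", "mechanism": "ssh"},
    },
}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def resolve(host, store=STORE):
    """Return (domain category, matched Hostname key, connection hostname, username)."""
    domain = DEFAULT                  # bare host names and IP addresses search here
    if not is_ip(host) and "." in host:
        suffix = host.split(".", 1)[1]
        if suffix in store:           # FQDN whose domain is defined in the store
            domain = suffix           # otherwise the default domain is searched
    entries = store[domain]
    key = host if host in entries else "*"
    if key not in entries:            # asterisk entry removed: no match, logon fails
        raise LookupError(f"no entry and no * default for {host!r} in {domain}")
    entry = entries[key]
    # IP_Address applies only to well-defined Hostname entries in the default domain.
    use_ip = domain == DEFAULT and key != "*"
    conn = entry.get("ip_address", host) if use_ip else host
    return domain, key, conn, entry["username"]

def wildcard_hosts(hosts, store=STORE):
    """Hosts that would receive a domain's shared (*) credentials."""
    return [h for h in hosts if resolve(h, store)[1] == "*"]
```

Running wildcard_hosts over a workflow's target list shows which systems rely on the shared default rather than a host-specific entry.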

 
