Typical scenarios for using blcred

The following sections describe some typical scenarios for using the blcred command.

Testing for valid session credentials

If you are using a command line (BLCLI or Network Shell in proxy mode) and you want to determine whether you have a valid session credential, run the following command:

blcred cred -test -profile MyProfile

where MyProfile is the name of the authentication profile for which a session credential has been issued. If this command is successful, it generates a return code of 0, which means a valid session credential does exist for MyProfile.

To determine whether a credential's remaining lifetime exceeds a specified number of minutes, enter a command similar to the following:

blcred cred -test -profile MyProfile -time 500

where 500 is a remaining lifetime in minutes. If this command is successful, it generates a return code of 0, which means the MyProfile session credential is valid for at least 500 minutes.

Interactively obtaining a session credential

If you are interactively running Network Shell (in proxy mode) or the BLCLI and you must obtain a session credential but cannot use the console, run the following command:

blcred cred -acquire

The blcred utility prompts for an authentication profile name, user name and password if the named profile specifies SRP authentication. The example below shows an authentication session that prompts the user for credential information. Alternatively, you can specify the profile name, user name and password as command line options.

$ blcred cred -acquire
profile name: srpProfile
username: BLAdmin
password ******
Authentication succeeded: acquired session credential

If you are using AD/Kerberos authentication, you can enter the same command, but when prompted for an authentication profile name, you must enter a profile name that calls for AD/Kerberos authentication. (Alternatively, you can specify the profile name as a command line option.) When employing AD/Kerberos authentication, blcred does not prompt the user for a name or password. Instead, it retrieves the user's Kerberos credential from the host operating system's AD/Kerberos credential cache. Note that UNIX users must first manually run a kinit before attempting to authenticate, as described in Obtaining a TGT for a BMC Server Automation client (UNIX only).

$ blcred cred -acquire
profile name: adkProfile
Authentication succeeded: acquired session credential

Obtaining a session credential by referencing a keytab file

If you are running Network Shell or the BLCLI in batch mode and you must obtain a session credential non-interactively, you can direct blcred to retrieve an SRP user name and password from an SRP keytab file, using a command like the following:

blcred cred -acquire -profile srpProfile -i /home/<user>/user_info.dat
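The following batch wrapper is an added example, not part of the original documentation. It combines the -test and -acquire -i commands shown on this page. The function name ensure_credential, its return codes 1 and 2, and the owner-only permission check on the keytab file are assumptions introduced for illustration.

```shell
#!/bin/sh
# Added example: make sure a batch job has a usable session credential.
# Usage: ensure_credential PROFILE MIN_MINUTES KEYTAB
# Returns 0 if a credential valid for at least MIN_MINUTES exists or was
# acquired, 2 if the keytab is missing or accessible to group/other,
# 1 if no valid credential could be obtained.
ensure_credential() {
    profile=$1
    min_minutes=$2
    keytab=$3

    # Documented behaviour: return code 0 means the credential for this
    # profile is valid for at least the requested number of minutes.
    if blcred cred -test -profile "$profile" -time "$min_minutes" >/dev/null 2>&1; then
        return 0
    fi

    # Hardening added here (an assumption, not a blcred requirement): the
    # keytab supplies an SRP user name and password, so refuse to use it
    # unless only its owner has any access to it.
    if [ ! -f "$keytab" ]; then
        echo "keytab not found: $keytab" >&2
        return 2
    fi
    perms=$(ls -ld -- "$keytab" | cut -c5-10)   # group and other mode bits
    if [ "$perms" != "------" ]; then
        echo "refusing keytab with group/other access: $keytab" >&2
        return 2
    fi

    # Non-interactive acquisition from the keytab, as shown above. Success
    # is judged by the -test call below, so the exit status is ignored here.
    blcred cred -acquire -profile "$profile" -i "$keytab" >/dev/null 2>&1 || true

    # Confirm through the documented -test return code.
    if blcred cred -test -profile "$profile" -time "$min_minutes" >/dev/null 2>&1; then
        return 0
    fi
    echo "could not obtain session credential for profile $profile" >&2
    return 1
}
```

A batch script would call, for example, ensure_credential srpProfile 500 /home/<user>/user_info.dat and stop on a non-zero return before running any Network Shell or BLCLI commands.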

Obtaining a session credential using an SRP authentication profile

If you are running Network Shell or the BLCLI in batch mode, you must obtain a session credential non-interactively, and you are using SRP authentication, you can direct blcred to obtain a session credential by entering a command like the following:

blcred cred -acquire -profile srpProfile -username BLAdmin -password ******

Obtaining a session credential using an LDAP authentication profile

If you are running Network Shell or the BLCLI in batch mode, you must obtain a session credential non-interactively, and you are using LDAP authentication, you can direct blcred to obtain a session credential. If you are using a distinguished name template, you only have to provide a partial distinguished name (in this case, admin) and an LDAP password.

blcred cred -acquire -profile ldapProfile -username admin -password ******

If you are not using distinguished name templates, you must provide a full distinguished name and a password.

Displaying the contents of a session credential

Using a blcred command similar to the following

blcred cred -list

you can display the contents of your current session credential.


Username:         RBACAdmin
Authentication:   SRP
Issuing Service:  service:authsvc.bladelogic:blauth://localhost:9840
Expiration Time:  Fri Aug 17 20:57:29 EDT 2007
Maximum Lifetime: Sat Aug 18 06:57:29 EDT 2007
Client address:   127.0.0.1
Authorized Roles:
    RBACAdmins
Destination URLs:
    service:appsvc.bladelogic:blsess://localhost:9841
    service:proxysvc.bladelogic:blsess://localhost:9842