Network Shell to Network Shell proxy server

For traffic between a Network Shell client and a Network Shell proxy server, BMC Server Automation relies on TLS to secure communication between client and server and single sign-on credentials to authenticate client users.

Network Shell users obtain single sign-on credentials by authenticating themselves to the BMC Server Automation Authentication Service. The BMC Server Automation Authentication Service supports many user authentication mechanisms. SRP is the default user authentication mechanism.

Network Shell does not have a built-in authentication utility. Users can acquire and cache a SSO session credential through the BMC Server Automation Console. Network Shell can use that credential. Alternatively, Network Shell users can use a separate user authentication command line utility, blcred, to authenticate themselves to an Authentication Service and acquire a SSO session credential.


  • A default BMC Server Automation installation sets up a single sign-on system using SRP authentication and TLS session layer security. Additional configuration is necessary to set up a Network Shell Proxy Service, implement any authentication mechanism other than SRP, or customize SSO behavior. For implementation details, see Implementing single sign-on.
  • For information about using the blcred utility to obtain session credentials, see Using the blcred utility.
Was this page helpful? Yes No Submitting... Thank you