×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC TrueSight Infrastructure Management 11.0 ... Administering service models Defining service models Managing the Publishing Server

Securing publishing environments

You can control the execution of publishes for a specific publishing environment by setting a password on the environment. You can password protect both Atrium CMDB environments and Direct Publish environments.

Passwords are removed in generated request logs and from Publishing Server request events (class IPS_REQUEST ), unless you enable password logging by setting the PasswordLogging parameter to T (true) in the pserver.conf file. 

Passwords that contain a semicolon (;) and passwords that end with (encrypted) are not supported.

You can put a password in the pclient.conf CLI's configuration file. You can enter the password in plain text, and it is encrypted the first time a CLI is executed. This relieves you from having to enter the password on the command line when running the CLI; however, it makes the password available for anyone who has the right to execute the CLI. Also, a password that is in a CLI's configuration file applies to all executions that do not specify a password on the command line itself, regardless of the publishing environment. Therefore, if you have multiple secured environments, you need to decide whether you want to set the password of one of them in the configuration file.

Executing commands in password protected environments

If a publishing environment is password protected, then you must enter the password for every action on the environment: publishing, initializing, and penv action commands: init, set,and close

For example, you want to assign a value to the HomeCell parameter for the Accounting department, which has an environment ID = Accounting and is password protected, so you run the following command:

Example

penv set -e Accounting -p "Password=ut0p1a" -p "HomeCell=cell2"

Adding a password when you create an environment

To add a password when you create a new publishing environment, you can use the CLI command penv and the action command open, in the following format:

penv open -e  <EnvId>
 -p "OriginId=DirectPublish|AtriumCMDB" -p "NewPassword1= <password>
" -p "NewPassword2= <password>
"

where, the value of NewPassword1 is a password you specified while creating a new environment and the value of NewPassword2 is the password specified again for confirmation.

For example, you want to create a service model for the Sales department by using a BAROC source file for the service model data and password protect it. So you can create a Direct Publish environment with the CLI command penv and the action command open by using the following command:

Example

penv open -e Sales -p "OriginId=DirectPublish" -p "NewPassword1=sam3ul" -p "NewPassword2=sam3ul"

You can also enter a password in the pclient.conf or pinit.conf configuration files. You can enter the password in plain text and it is encrypted the first time a CLI command that uses the configuration file is executed.

Adding a password to an existing environment

To add a password to an environment that was not password protected when it was created, you use the CLI command penv and the action command set, in the following format:

penv set -e  <EnvId>
 -p "NewPassword1= <password>
" -p "NewPassword2= <password>
"

EnvId represents the environment ID.

password (first occurrence) represents the password and (second occurrence) represents the password again, to confirm it.

Modifying the password on an environment

To change a password on an environment, you can use the CLI command penv and the action command set, in the following format:

penv set -e  <EnvId>
 -p "Password= <old_password>
" - p "NewPassword1= <new_password>
" -p "NewPassword2= <new_password">

Removing the password from an environment

To remove the password on an environment, you can use the CLI command penv and the action command set, in the following format:

penv set -e  <EnvId>
 -p "Password= <old_password>
" - p "NewPassword1=" -p "NewPassword2="

Using CLI command publish for a password protected Atrium CMDB Publish environment

If you password protect an Atrium CMDB Publish environment, you must include the password in the command string when you execute the CLI command publish. For example:

Example

publish -e Accounting -p "Password=l0b3l1a"

Automated publishing for a secured Atrium CMDB Publish environment is preauthenticated.

Using CLI command pposter for a password protected Direct Publish environment

If you password protect a Direct Publish environment, you must include the password in the command string when you execute the CLI command pposter. For example:

Example

pposter -e Payroll -p "Password=86a032" sm_payroll.baroc

Was this page helpful? Yes No Submitting... Thank you
Last modified by Prathibha Mohan on Jul 28, 2016
security administration infra_management service_models publishing_server task

Comments

Log in or register to comment.

Examples-using cell aliases for Direct Publish publishing
About publication filters for BMC Atrium CMDB publishing
© Copyright 2013-2018 BMC Software, Inc. © Copyright 2013-2018 BladeLogic, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.