Securing publishing environments
You can control the execution of publishes for a specific publishing environment by setting a password on the environment. You can password protect both Atrium CMDB environments and Direct Publish environments.
Passwords are removed in generated request logs and from Publishing Server request events (class IPS_REQUEST
), unless you enable password logging by setting the PasswordLogging
parameter to T (true) in the pserver.conf file.
Passwords that contain a semicolon (;) and passwords that end with (encrypted) are not supported.
You can put a password in the pclient.conf CLI's configuration file. You can enter the password in plain text, and it is encrypted the first time a CLI is executed. This relieves you from having to enter the password on the command line when running the CLI; however, it makes the password available for anyone who has the right to execute the CLI. Also, a password that is in a CLI's configuration file applies to all executions that do not specify a password on the command line itself, regardless of the publishing environment. Therefore, if you have multiple secured environments, you need to decide whether you want to set the password of one of them in the configuration file.
Executing commands in password protected environments
If a publishing environment is password protected, then you must enter the password for every action on the environment: publishing, initializing, and penv
action commands: init, set,and close
For example, you want to assign a value to the HomeCell
parameter for the Accounting department, which has an environment ID = Accounting and is password protected, so you run the following command:
Adding a password when you create an environment
To add a password when you create a new publishing environment, you can use the CLI command penv
and the action command open
, in the following format:
penv open -e <EnvId>
-p "OriginId=DirectPublish|AtriumCMDB" -p "NewPassword1= <password>
" -p "NewPassword2= <password>
"
where, the value of NewPassword1 is a password you specified while creating a new environment and the value of NewPassword2 is the password specified again for confirmation.
For example, you want to create a service model for the Sales department by using a BAROC source file for the service model data and password protect it. So you can create a Direct Publish environment with the CLI command penv
and the action command open
by using the following command:
You can also enter a password in the pclient.conf or pinit.conf configuration files. You can enter the password in plain text and it is encrypted the first time a CLI command that uses the configuration file is executed.
Adding a password to an existing environment
To add a password to an environment that was not password protected when it was created, you use the CLI command penv
and the action command set
, in the following format:
penv set -e <EnvId>
-p "NewPassword1= <password>
" -p "NewPassword2= <password>
"
EnvId represents the environment ID.
password (first occurrence) represents the password and (second occurrence) represents the password again, to confirm it.
Modifying the password on an environment
To change a password on an environment, you can use the CLI command penv
and the action command set
, in the following format:
penv set -e <EnvId>
-p "Password= <old_password>
" - p "NewPassword1= <new_password>
" -p "NewPassword2= <new_password">
Removing the password from an environment
To remove the password on an environment, you can use the CLI command penv
and the action command set
, in the following format:
penv set -e <EnvId>
-p "Password= <old_password>
" - p "NewPassword1=" -p "NewPassword2="
Using CLI command publish for a password protected Atrium CMDB Publish environment
If you password protect an Atrium CMDB Publish environment, you must include the password in the command string when you execute the CLI command publish
. For example:
Automated publishing for a secured Atrium CMDB Publish environment is preauthenticated.
Using CLI command pposter for a password protected Direct Publish environment
If you password protect a Direct Publish environment, you must include the password in the command string when you execute the CLI command pposter
. For example:
Comments
Log in or register to comment.