×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')

Unsupported content

 

This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.
BMC Atrium Orchestrator Content 20.16.03 ... Base adapters Terminal adapters

Kerberized SSH adapter

The Kerberized SSH adapter uses Kerberos to securely authenticate clients prior to executing SSH commands on a remote host. This adapter supports the following client types for Kerberos authentication:

  • Java client: This adapter type is used when the target SSH server supports GSS-API-based Kerberos authentication for the SSH2 protocol. The LoginModule within the Java Authentication and Authorization Services (JAAS) is used to authenticate and obtain a Kerberos ticket. SSH2 is the only supported protocol for this type.
  • Local client: This adapter type invokes the SSH client executable and makes use of what ever is available on that local host and matching the SSH server implementation. This client type uses the sun.security.krb5.internal.tools.Kinit Sun class to obtain the Kerberos ticket before invoking the SSH client. This client type supports both SSH1 and SSH2 protocols, provided both the local SSH client and the target SSH server are compatible. The SSH server must allow creation of pseudo terminal client sessions to use a prompt while issuing commands.

With either client type implementation for this adapter, the use of a prompt is optional. If a <prompt> element is not defined, each command is executed in a separate session, as if each was executed in a new command shell. Each command is executed independently, without effect on subsequent commands. With the definition of a <prompt>, commands are executed in a sequence, in the same login shell.

Executing a command with non-prompt-based SSH is analogous to appending the command to a Linux or Solaris client's command (ssh user1@server1 ls ). This results in an environment that is different from prompt-based SSH, in which the command is executed within the context of a login shell.

Both types of Kerberized SSH adapters can use can use the following common features. For details about these features, see Base adapter features.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Shilpa Gokhale on May 05, 2016
base_adapters terminal_adapters kerberized_ssh

Comments

Log in or register to comment.

Troubleshooting the SSH adapter
Configuring the Kerberized SSH adapter for a Java client
© Copyright 2024 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.