Page tree
Skip to end of metadata
Go to start of metadata

You can define a credential record for each application on a remote system for which you want a specific user to run actions. You can use the iadmin command for the following options to update credential records in the credential_repository.xml file and to initialize any changes to the action task definitions in the .xml files in the installationDirectory\pw\pronto\data\admin\actions directory (Microsoft Windows) or user/pw/pronto/data/admin/actions directory (UNIX or Linux). 

The iadmin options for the credential record are:

Command

Description

-acr:

adds a credential record to the credential_repository.xml file.

-mcr:

modifies an existing credential record.

-dcr:

deletes a credential record.

-lcr:

lists the credential.

-reinit actions

loads the action files after any additions or changes to the action tasks defined in the .xml files in the installationDirectory\pw\pronto\data\admin\actions directory (Microsoft Windows) or /usr/pw/pronto/data/admin/actions directory (UNIX or Linux). Guidelines for using the iadmin command to manage credential records

The asterisk*

functions as a wildcard - it is a valid entry only for the applicationname and applicationinstancename fields. It indicates that any value of the applicationname or applicationinstancename field is acceptable.

  • The search algorithm does not support pattern matching. Your entry must match exactly the underlying value.
  • Any alphanumeric value is valid for the applicationname and applicationinstancename fields.
  • Enclose any password values in double quotation marks to ensure proper processing. On UNIX or Linux systems, run the iadmin command without the bash shell to reinforce the proper processing of the password value.

To add a credential record

From the installationDirectory\pw\server\bin directory (Microsoft Windows) or the /usr/pw/server/bin directory (UNIX or Linux), run the iadmin command using the -acr option, using the following syntax:

iadmin -acr userorgroup=<user/group>:credentialId=<string>:
applicationname=<string>:applicationinstance=<string>:
hostname_or_domain=<Hostname or Domain>:loginuser=<string>:
loginpassword=<string>:executeuser=<string>:executepassword=<string>:
login_user_domain=<string>

Note

If you are using the IPv6 address instead of the host name, ensure that the IPv6 address in enclosed in square parentheses []. This applies to both the primary and the secondary hosts. For example,
iadmin -ac name=chas_cell3:
key=mc:primaryHost=[2001:500:100:1447:250:56ff:febd:7c0a]:
primaryPort=8608:environment=Production:usergroups=*
 

The following table lists the required fields for the -acr option. You must include values for the required fields; otherwise, the credential record is not created.

Required fields: adding a credential record

-acr field name

Description

credentialId

The user account (default) or the group Id value.

hostname_or_domain

The host name of the remote system, as in myremotecomputer123, or the domain name in which it resides.

applicationname

Name of the application. You can enter an asterisk "*" to bypass a specific application value.

applicationinstance

Name of the application instance. You can enter an asterisk "*" to bypass a specific instance value.

login_user_domain

This option is required when the log-on account belongs to an Microsoft Windows system.

The userorgroup field is optional. If you leave the userorgroup field blank, the -acr option assumes that user is the selection, and the value you enter in the credentialId field (required) is the user account. To specify a group Id value, set the userorgroup field equal to group, and then specify the group value in the credentialId field. 

Using the iadmin command syntax, you enter password values in clear text. However, the passwords are encrypted when they are added to the credential_repository.xml file.

To modify a credential record

From the installationDirectory\pw\server\bin directory (Microsoft Windows) or /usr/pw/server/bin directory (UNIX or Linux), run the iadmin command using the -mcr option, using the following syntax:

iadmin -mcr userorgroup=<user/group>:
credentialId=<string>:hostname_or_domain=<string>:
applicationname=<string>:applicationinstance=<string>:
login_user_domain=<string>:loginuser=<string>:
loginpassword=<string>:executeuser=<string>:
executepassword=<string>


You can modify any of the fields, but you must enter required fields listed in the following table to create a record.
Required fields: modifying a credential record

-acr field name

Description

credentialId

The user account (default) or the group Id value. If you specify a group Id value, you must set userorgroup equal to group.

hostname_or_domain

The host name of the remote system, such as myremotecomputer123, or the domain name where the remote system resides (domain).

applicationname

Name of the application. You can enter an asterisk "*" to bypass a specific application value.

applicationinstance

Name of the application instance. You can enter an asterisk "*" to bypass a specific instance value.

To delete a credential record

  1. From the installationDirectory\pw\server\bin directory (Microsoft Windows) or /usr/pw/server/bin directory (UNIX or Linux), run the iadmin command using the -dcr option, using the following syntax:

    iadmin -dcr userorgroup=<user/group>:credentialId=<string>:
    hostname_or_domain=<string>:applicationname=<string>:
    applicationinstance=<string>
  2. To delete a record, you must specify values for the required fields listed in the following table:
    Required fields: deleting a credential record

    -dcr field name

    Description

    credentialId

    The user account (default) or the group Id value.

    hostname_or_domain

    The host name of the remote system, such as myremotecomputer123, or the domain name where the remote system resides.

    applicationname

    Name of the application. You can enter an asterisk "*" to include all values.

    applicationinstance

    Name of the application instance. You can enter an asterisk "*" to include all values.

To list credential records

From the installationDirectory\pw\server\bin directory (Microsoft Windows) or /usr/pw/server/bin directory (UNIX or Linux), run the iadmin command using the -lcr option, as in the following example. You do not have to specify any credential record parameters. 

iadmin -lcr

How JServer searches for credentials

After the action task is invoked by the action rule, the JServer searches the credential record for the corresponding remote log-on credentials in the following sequence:

  1. JServer_USER + ApplicationName + ApplicationInstanceName + Host
  2. JServer_USER_GROUP + ApplicationName + ApplicationInstanceName + Host
  3. JServer_USER + ApplicationName + ApplicationInstanceName + Domain
  4. JServer_USER_GROUP + ApplicationName + ApplicationInstanceName + Domain
  5. JServer_USER + ApplicationName + * + Host
  6. JServer_USER_GROUP + ApplicationName + * + Host
  7. JServer_USER + ApplicationName + * + Domain
  8. JServer_USER_GROUP + ApplicationName + * + Domain
  9. JServer_USER + * + * + Host
  10. JServer_USER_GROUP + * + * + Host
  11. JServer_USER + * + * + Domain
  12. JServer_USER_GROUP + * + * + Domain
  13. JServer_USER + * + ApplicationInstanceName + Host
  14. JServer_USER_GROUP + * + ApplicationInstanceName + Host
  15. JServer_USER + * + ApplicationInstanceName + Domain
  16. JServer_USER_GROUP + * + ApplicationInstanceName + Domain

    The wildcard * in the ApplicationName and ApplicationInstanceName fields indicates any value.

    If you are implementing automatic remote execution, the JServer searches the credential records for an JServer_USER with the same value as the JServer user name defined under the Encryption Key parameter of the Admin record. Therefore, to use the default Admin record, you must modify the default Encryption Key value of 0 by changing it to a specific JServer user name and password. Then you define in the credential record the JServer user with the credential ID set equal to the value you specified in the Encryption Key value of the Admin record.

1 Comment

  1.