Configuring Credentials

Adding or Changing Credentials

Adding and changing credentials are handled in the same way. A typical example of adding or changing credentials for a server, server.mydomain.com, would look like this: 

/opt/LifeKeeper/bin/credstore -k server.mydomain.com myuser

In this case, myuser is the username used to access server.mydomain.com and the password will be asked for via a prompt  with confirmation (like passwd). 

Note: The key name used to store LifeKeeper server credentials must match exactly the hostname used in commands such as lkpolicy. If the hostname used in the command is an FQDN, then the credential key must also be the FQDN. If the hostname is a short name, then the key must also be the short name.

You may wish to set up a default key in the credential store. The default credentials will be used for authentication when no specific server key exists. To add or change the defaultkey, run:

/opt/LifeKeeper/bin/credstore -k default myuser

Listing Stored Credentials

The currently stored credentials can be listed by the following command:

/opt/LifeKeeper/bin/credstore -l

This will list the keys stored in the credential store and, in this case, the key indicates the server for which the credentials are used. (This command will not actually list the credentials, only the key names, since the credentials themselves may be sensitive.)

Removing Credentials for a Server

Credentials for a given server can be removed with the following command:

/opt/LifeKeeper/bin/credstore -d -k myserver.mydomain.com

In this case, the credentials for the server myserver.mydomain.com will be removed from the store.

Additional Information

More information on the credstore utility can be found by running:

/opt/LifeKeeper/bin/credstore --man

This will show the entire man/help page for the command.