The SMC and LifeKeeper Single Server Protection software manages credentials for communicating with other systems (i.e., vCenter Server or SIOS LifeKeeper Single Server Protection) via a credential store. This store is used during plug-in registration (see Configuring the vSphere Client Plug-in) for example. This store can be managed, as needed, by the /opt/LifeKeeper/bin/credstore command. This command allows server access credentials to be set, changed and removed – on a per server basis.
Adding or Changing Credentials
Adding and changing credentials are handled in the same way. A typical example of adding or changing credentials for a server, lkssp-server.mydomain.com, would look like this:
/opt/LifeKeeper/bin/credstore -k lkssp-server.mydomain.com myuser
In this case, myuser is the username used to access lkssp-server.mydomain.com and the password will be asked for via a prompt with confirmation (like passwd).
Note: The key name used to store LifeKeeper Single Server Protection server credentials on the SMC must match exactly the hostname of the LifeKeeper Single Server Protection server (as displayed in the Hostname: field of the vSphere Client Plug-in). If the hostname is an FQDN, then the credential key must also be the FQDN. If the hostname is a short name, then the key must also be the short name.
If following the ‘Credential Considerations’ suggested in Running Setup, a default key with an associated username and password will be used for authentication when no specific server keys exist. To add or change the default key, run:
/opt/LifeKeeper/bin/credstore -k default myuser
Listing Stored Credentials
The currently stored credentials can be listed by the following command:
/opt/LifeKeeper/bin/credstore -l
This will list the keys stored in the credential store and, in this case, the key indicates the server for which the credentials are used. (This command will not actually list the credentials, only the keys, since the credentials themselves may be sensitive.)
Removing Credentials for a Server
Credentials for a given server can be removed with the following command:
/opt/LifeKeeper/bin/credstore -d -k lkssp-server.mydomain.com
In this case, the credentials store for the server lkssp-server.mydomain.com will be removed from the store.
Additional Information
More information on the credstore utility can be found by running:
/opt/LifeKeeper/bin/credstore —man
This will show the entire man/help page for the command.
Post your comment on this topic.