topic Re: mxnodesecurity command changed in SIM 5.3 in Server Management - Systems Insight Manager

mxnodesecurity command changed in SIM 5.3

Fredrik Uddin-Backman2 — Fri, 12 Jun 2009 13:18:50 GMT

In HP SIM 5.1 I had the possibility to add a wbem node with mxnodesecurity -a -p wbem -c cert -n nodename.domain.com. In 5.3 the command doesnt understand the cert keyword. How am I supposed to add a wbem host with certificate authentication now? Don't say via "Configure & repair agents" because that kind of requires me to open up ssh login for root.

Re: mxnodesecurity command changed in SIM 5.3

sandeep_raman — Mon, 15 Jun 2009 12:49:12 GMT

From the SIM 5.3 manpages the -c cert option does exist in SIM 5.3. If the command is failing, provide details about it

http://h18013.www1.hp.com/products/servers/management/hpsim/info-library51/mxnodesecurity.4.html

mxnodesecurity -a -f xmlfilename

The 'certname' attribute specifies a certificate-based credential. If the keyword "cert" is used as a value for this attribute, then the credential is accepted as a certificate-based credential, and an internal default certificate will be used to access the node. Username and password will be ignored, if present, when the credential is certificate-based. Only 'wbem' type protocol may be specified when the credential is certificate-based

http://h18013.www1.hp.com/products/servers/management/hpsim/info-library51/mxnodesecurity.1m.html

This command adds a WBEM Certificate-based credential to the node security repository for the node mycomputer.ak.hp.com. Note that the certificate used will be an internally defined default certificate. You can not specify a unique certificate name of your own choosing. The keyword 'CERT' is case insensitive.
mxnodesecurity -a -p wbem -c CERT -n mycomputer.ak.hp.com

Re: mxnodesecurity command changed in SIM 5.3

Fredrik Uddin-Backman2 — Tue, 16 Jun 2009 03:51:57 GMT

I don't know where those man pages you refer to come from but according to my installed 5.3 manpages the "-c cert" option has disappeared. Some output:

mxversion
Systems Insight Manager 5.3 - Linux C.05.03.00.00 ( 2008-12-10 15:45 )

mxnodesecurity -a -p wbem -c cert -n fsu12
The '-c username:password' option requires both username and password. The credentials have not been added.
Usage:
mxnodesecurity -a -p protocol -c username:password [-t on|off] -n nodename (add/modify node credential)
mxnodesecurity -a -p snmp -c writestring:readstring [-t on|off] -n nodename (add/modify snmp node credential)
mxnodesecurity -a -p wbem -c username:password [-t on|off] -n nodename[:port#] (add/modify wbem node credential)
mxnodesecurity -a -p sign-in -c username:password [-t on|off] -n nodename (add/modify sign-in type node credential)
mxnodesecurity -a -p protocol -c username:password (add default credential)
mxnodesecurity -a -p protocol -c username:password -n @default# (modify default credential)
mxnodesecurity -a -f filespec (add/modify credentials as specified in external xml file)
mxnodesecurity -r -p protocol -n nodename (remove node credential)
mxnodesecurity -r -p wbem -n nodename[:port#] (remove wbem node credential)
mxnodesecurity -r -p protocol -n @default# [-x {fd|fcd}] (remove default credential)
mxnodesecurity -r -p protocol [-x {fd|fcd}] (remove all default credentials of specified protocol)
mxnodesecurity -r -f filespec (remove credentials as specified in external xml file)
mxnodesecurity -l [[-p protocol] [-n nodename]] (list credentials)
option: -t = try other credentials (on | off) default = off
option: -x = extended (fd | fcd) default = any referenced credential will not be deleted
fd (forceDelete) = delete credentials and any references - system comm may be lost
fcd (forceCopyDelete) = delete credentials and copy any references - system comm is retained
standard protocols: (snmp, wbem, ws-man, ssh, sign-in)
sign-in: a protocol independent type credential used to sign into the managed node
default/global: a type of credential that applies to all nodes/systems

Re: mxnodesecurity command changed in SIM 5.3

Fredrik Uddin-Backman2 — Tue, 16 Jun 2009 06:53:40 GMT

http://h10018.www1.hp.com/wwsolutions/misc/hpsim-helpfiles/cliguide53.pdf

Re: mxnodesecurity command changed in SIM 5.3

David Claypool — Tue, 16 Jun 2009 16:00:16 GMT

Certificate authentication is only available for the HP-UX version of WBEM. Since you appear to be using Linux, this does not apply.

Also, going back to your original post, where you refer to opening up ssh login for root, HP SIM 5.3 now supports privilege elevation through su or sudo, so that isn't necessary.

Re: mxnodesecurity command changed in SIM 5.3

Fredrik Uddin-Backman2 — Wed, 17 Jun 2009 04:11:01 GMT

mxnodesecurity command is for managing credentials to managaged nodes so in order to have certificate based WBEM authentication to a HPUX managed host i need to add a cert based credential. That I did in 5.1 (on Linux & Windows SIM) with mxnodesecurity -c cert.