Sun Desktop Manager 1.0 Administration Guide

Authentication by Username and Password

A username and password are required for each execution of a command.

Authentication by login command

The CLI provides a login command to allow username/password pairs to be stored in a credentials file in the administrator's home directory. This file is named .apocpass. The .apocpass file has restricted access.

If authentication is successful, a username/password pair entry is added to the .apocpass file. The key for this pair is made up of the server/port/base DN and the username so that username/password pairs can be stored for other back ends in the same file.

Once the login command has successfully completed, other CLI commands can be executed without specifying a username or password.

For more details on how to use the login command, see Login.

Authentication for the other commands

For other commands, the CLI first checks to see if an .apocpass file exists for the current user.

If the file does not exist, the user is prompted for a username and password. If this username and password are successfully authenticated, the command is executed.

If the credentials file does exist and a username has been specified at the command line, the CLI looks for an entry for the host, port, base DN and username. If an entry exists, the stored user DN and password are used to execute the command. Otherwise, the user is prompted for a password.

If a username is not specified at the command line, the .apocpass file is searched for keys using the host/port and base DN combination. If there is a unique entry for this combination, the stored user DN and password are used to execute the command. If the entry is not unique, the user is prompted for a username. If this matches an entry, the stored user DN and password are used to execute the command. If this does not match, the user is prompted for a password.

Where the user is prompted for a password, an entry from the .apocpass file for this host/port/baseDN combination is used to authenticate the username and password. If such an entry does not exist, anonymous access is used for the authentication.
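
The lookup order described above, written out as an added Python example; it is not Sun Desktop Manager code. The in-memory store, the Decision type, the resolve function and all sample hosts, DNs and passwords are constructed for illustration, and the on-disk format of .apocpass is not modelled. Prompting for a username when no entry at all exists for the back end is an assumption; the page only covers the "not unique" case.

```python
from typing import NamedTuple, Optional

class Decision(NamedTuple):
    action: str                 # "use_stored", "prompt_password" or "prompt_username_and_password"
    username: Optional[str]
    user_dn: Optional[str]      # set only when a stored entry is used
    lookup_bind: Optional[str]  # how prompted credentials get checked

# Constructed sample data: key = (host, port, base DN, username), value = (user DN, password)
STORE = {
    ("ldap.example.com", 389, "o=example", "jdoe"): ("uid=jdoe,ou=People,o=example", "constructed-1"),
    ("ldap.example.com", 389, "o=example", "asmith"): ("uid=asmith,ou=People,o=example", "constructed-2"),
    ("ldap2.example.com", 389, "o=other", "jdoe"): ("uid=jdoe,ou=People,o=other", "constructed-3"),
}

def resolve(store, host, port, base_dn, username=None, ask_username=input):
    """Decide where credentials come from; store=None means no .apocpass file."""
    if store is None:
        return Decision("prompt_username_and_password", None, None, "anonymous")
    # Entries for this back end only: match on host, port and base DN.
    backend = {k[3]: v for k, v in store.items() if k[:3] == (host, port, base_dn)}
    if username is None:
        if len(backend) == 1:                  # unique entry: used without prompting
            (name, (user_dn, _pw)), = backend.items()
            return Decision("use_stored", name, user_dn, None)
        username = ask_username("Username: ")  # not unique (assumed: also when empty)
    if username in backend:
        return Decision("use_stored", username, backend[username][0], None)
    # A prompted password is checked via a stored entry for this back end,
    # or via anonymous access when no such entry exists.
    return Decision("prompt_password", username, None,
                    "stored_entry" if backend else "anonymous")
```

The branches that return "use_stored" are the ones in which a command runs with no prompt at all, so anyone who can read a user's .apocpass file can act as every identity stored in it.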