Choosing to Save Credentials in a File

The ilomconfig and fwupdate tools that are part of the Oracle Hardware Management Pack can connect to Oracle ILOM using the high-speed LAN interconnect. Using the LAN interconnect instead of the slower KCS interface can dramatically improve performance of key operations, such as Oracle ILOM firmware updates.

Because the LAN interconnect requires authentication, it is necessary to authenticate to Oracle ILOM for each invocation of these tools. As a convenience, it is possible to cache the credentials in a file so that the tools can use them automatically. This prevents having to embed cleartext passwords in scripts that use the Oracle Hardware Management Pack tools.

The ilomconfig tool can be used to store the user name and password in an encrypted file that is root read-only. If this file is detected when ilomconfig or fwupdate is used to access Oracle ILOM, the cached credentials are used. Alternatively, the user name and password can be specified on the command line for each invocation of the tool.

The encryption algorithm that is used is unique to each system. If the key is discovered, however, the file could be decrypted and expose the user name and password. Oracle recommends that a unique password be created on each Oracle ILOM for this purpose such that a compromised password could not be used against other Oracle ILOM systems.

See the Sun Server Hardware Management Pack User’s Guide for instructions on how to save credentials in a file.

• Oracle Hardware Management Pack Documentation Library