Oracle® Hardware Management Pack for Oracle Solaris 11.2 Security Guide


Updated: September 2015
 
 

Choosing to Save Credentials in a File

As of Oracle Solaris 11.2 SRU 14, this feature has been disabled.

The ilomconfig and fwupdate tools that are part of the Oracle Hardware Management Pack for Oracle Solaris can connect to Oracle ILOM using the high-speed Host-to-ILOM Interconnect. Because the Host-to-ILOM Interconnect requires authentication, it is necessary to authenticate to Oracle ILOM for each invocation of these tools. As a convenience, it is possible to cache the credentials in a file so that the tools can use them automatically. This prevents having to embed cleartext passwords in scripts that use the Oracle Hardware Management Pack tools.

The ilomconfig tool can be used to store the user name and password in an encrypted file that is root read-only. If this file is detected when ilomconfig or fwupdate is used to access Oracle ILOM, the cached credentials are used. Alternatively, the user name and password can be specified on the command line for each invocation of the tool.

The encryption algorithm that is used is unique to each system. If the key is discovered, however, the file could be decrypted, exposing the user name and password.

Oracle recommends that a unique password be created on each Oracle ILOM so that a compromised password could not be used against other Oracle ILOM systems.

See the Oracle CLI Tools for Oracle Solaris User’s Guide for instructions on how to save credentials in a file.