EMC – naviseccli -AddUserSecurity

There are any number of reasons why you mightn’t want to store your CLARiiON credentials in an encrypted file in your home directory. I can’t think of any. This post will cover the basics of setting yourself up with a security file that means you won’t have to keep entering your username, scope and password every time you want to use naviseccli.

This is the command to add user security information to the security file on this host. You need to use the -scope switch to add scope information to the security file. You can also use the -password switch or enter your password into the password prompt, to supply the required password information to the security file. If you don’t specify the -user switch, naviseccli assumes that the currently logged in user is the username you wish to use. The -secfilepath switch is also optional with this command. Note that if you use the -secfilepath switch, you can specify an alternative location to your default home directory, for the security file on this host. Keep in mind that you will then need to use the -secfilepath switch in each subsequent command you issue. You might find this tiresome.

This blats any user security information about the current user from the security file on this host.

-scope 0|1|2
Specifies whether the user account on the storage system you want to log in to is global (0), local (1), or LDAP (2). A global account is, as the name implies, global for the Navisphere / Unisphere domain you’re working in. A local account is effective on only the storage systems for which the administrator creates the account. LDAP maps the username/password entries to an external LDAP or active directory server for authentication.

-secfilepath filepath
Stores the security file in a specified location. This is useful if for some reason you don’t want the security file stored in your default home directory.

Enough talk. Here’s an example of how to setup the security file.

c:\>naviseccli -AddUserSecurity -Scope 0 -user san_admin

Enter password:

Assuming that the user san_admin is valid for the domain, and assuming that I’ve entered the password correctly, I can now run commands against any array in the domain without entering the username, password or scope. When you have a long password this can lead to some real time savings :)