Managing credential cache - cachemgr utility

You can use the cachemgr.sh or cachemgr.bat command to list and delete the content of credentials cache.

Command syntax

cachemgr -h | -u user -p password (-l|-r) valid|invalid|all [[ -s IP|scope|scope group|range|subnet ] [ -a addressSpace ] [ -n accessCredentialName ] [ -c type ] [ -d yyyy/mm/dd ] [ -k key ] [ -t locationTag ]]

Parameters

-a, --addressSpace addressSpace
Is the address space name.
-c, --class type
Is the type of a selected access entry that is described by the name of the specific class that implements access entry.
-d, --date yyyy/mm/dd
Is the date threshold that is used to select entries not modified until specified time. The format is yyyy/mm/dd.
-h, --help
Shows help.
-k, --key key
Is the key of a selected cache entry.
-l, --list valid|invalid|all
Is the listing operation that is controlled by the following arguments:
  • valid - lists only valid authentication attempts held in a cache.
  • invalid - lists only invalid authentication attempts held in a cache.
  • all - lists both valid and invalid authentication attempts held in a cache.
-n, --name accessCredentialName
Is the name of access credentials, the same as in the access list.
-p, --password password
Is the password for the user that logs in to the TADDM server.
-r, --remove valid|invalid|all
Is the remove operation that is controlled by the following arguments:
  • valid - removes only valid authentication attempts held in a cache.
  • invalid - removes only invalid authentication attempts held in a cache.
  • all - removes both valid and invalid authentication attempts held in a cache.
-s, --scope IP|scope|scope group|range|subnet
Is the scope of an access entry. It is controlled by the following arguments:
  • IP
  • scope
  • scope group
  • range
  • subnet
-t, --locationTag locationTag
Is the location tag of a selected access entry.
-u, --username username
Is the user that logs in to the TADDM server.

Examples

  • The following command lists all invalid authentication attempts for computers in the scope "ScopeSet":
    cachemgr.sh -u user -p password -l invalid -s ScopeSet
    This command generates the following output:
    Following entries are matching provided criteria:
CachedAuthEntry
	guid: 3B954CE4CFBF346C8DF538F09F1F7FFD
	keyString: SSH!9.128.109.144!!com.collation.platform.security.auth.HostAuth!null!
	lastModified: Thursday, 5 September 2013 11:00:38
	Authorization: invalid. Error message: CTJTP1190E The server did not complete the authorization process.
CachedAuthEntry
	guid: ACC2F35A66D3379BAC13FC606C5A08A3
	keyString: SSH!9.128.109.145!!com.collation.platform.security.auth.HostAuth!null!
	lastModified: Thursday, 5 September 2013 11:00:38
	Authorization: invalid. Error message: CTJTP1190E The server did not complete the authorization process
  • The following command deletes invalid authentication attempts in IP range 9.123.149.10 - 9.123.149.12 and the access entry com.collation.platform.security.auth.HostAuth:
    cachemgr.sh -u user -p password -r invalid -s 9.123.149.10-9.123.149.12 -c com.collation.platform.security.auth.HostAuth
    This command generates the following output:
    AuthEntries removed from cache successfully (2).

Cachemgr utility return codes

If you write a cron script or some other script that calls the cachemgr utility, the following return codes indicate how the program exited.
0
Program completed successfully.
1
An invalid command line parameter was supplied. Either the parameter itself or the data that is supplied with the parameter is incorrect. Correct the command and try again.
2
A date command line parameter was not in the expected format.
3
Either provided scope definition does not resolve to any IP address or provided access entry is not valid.
4
Some error occurred but it is unknown. Go to the log directory and open the cachemgr.log to look for more information.
5
The provided user does not have enough privileges (discovery) to perform operation.
6
There were no entries in database that match provided criteria.