managepwfile

The managepwfile command manages a security file that contains passwords for any existing DS user account. This password security file can then be used with the -pwfile parameter of the dscli command instead of the -passwd parameter. Although using a security file is not required, it is strongly recommended as a more secure method of entering the user's password when invoking the dscli command. The security file method does not require entering the password on the command line, nor is it contained in any script files.

Read syntax diagramSkip visual syntax diagrammanagepwfile  -action  add  remove  change  -pwfile  file_name -mc1  hmc1  -mc2  hmc2  -mcall  -name  username  -pw  password

Parameters

-action
(Required) A process that is enacted on the password file. Specify one of the following options:
add
Creates an entry for the user and the specified primary HMC in the password file. If the password file does not exist, it will be created.
remove
Removes the password file entry for the designated user.
change
Changes the password file entry for the designated user.
-pwfile file_name
(Optional) The name for the password file. You can specify the password file as an absolute path or a relative path. The relative path is obtained from the current working directory.
-mc1 hmc1
(Optional) The DNS name or the IP address. hmc1 designates the Model 2107 primary HMC, Model 1750 primary SMC, Model 2105 primary Copy Services server DNS or IP address.
Note: If you do not specify this parameter, the DS CLI will use the value that was specified for -hmc1 in the current CLI session connection, or the default value, if specified, for HMC1 in your profile file. This value, as entered and converted to lower case, along with the value of the -name parameter is used as a key in the password file. If the values for -mc1 and -mc2 are equivalent, then only one key is generated.
-mc2 hmc2
(Optional) The DNS name or the IP address of the secondary HMC.
Note: If you do not specify this parameter, the DS CLI will use the value that was specified for -hmc2 in the current CLI session connection, or the default value, if specified, for HMC2 in your profile file. This value, as entered and converted to lower case, along with the value of the -name parameter is used as a key in the password file. If the values for -mc1 and -mc2 are equivalent, then only one key is generated.
-mcall
(Optional) Any existing DNS name or IP address in the password file. The specified action is applied to any entry in the password file that is identified only by the –name value as the lookup key. You can use this parameter to change all of the passwords for a particular user in one command.

For the remove and change actions, you can specify this value instead of the –mc1 parameter, the -mc2 parameter, or both. For the add action, this parameter is ignored.

-name username
(Optional) The user name that you use to access the DS CLI. This information, along with the -mc1 and -mc2 parameter information, is used as keys in the password file.
-pw password
(Optional) A user-assigned password. The password is case-sensitive.
Notes:
  1. The primary or secondary Storage Manager IP addresses, along with the user name, are used to form a key to locate the user's password in the security file. However, these values are stored as character strings. Therefore, either use the same string every time for the IP addresses, or use managepwfile to store all variations of the IP addresses. In other words, the IP address of 9.11.64.211 and the DNS name of myds.chicago.abc.com would form different keys even though they identify the same machine.
  2. A password file is created with a user's default protection mask. The user can update the protection mask to allow access only to the owner of the file. Also, you must write down the directory name where the password file is contained in case you need to use it later.
  3. The password file has a default value of <user_home>/dscli/security.dat.
    The home directory <user_home> is defined by the Java system property named "user.home" The location of your password file is determined by your operating system. The following examples are home directories in different operating systems:
    Windows XP operating system
    For a Windows XP operating system, the property value defaults to the environment variable %USERPROFILE%. As a result, your personal profile is C:\Documents and Settings\<username>\dscli\security.dat.
    UNIX or Linux operating system
    For an UNIX or Linux operating system, the property value defaults to the environment variable $HOME. As a result, your personal profile is ~/dscli/security.dat.
    i5/OS
    For the i5/OS, your personal profile is /home/<username>/dscli/security.dat.
    Note: The values of the Java system properties can be redefined by JRE options. If you are having problems, check to see whether you have an environment setting like the following on your local system:
    _JAVA_OPTIONS=-Duser.home=…
  4. In some circumstances this command might return more than one error/informational message.

Example: Managing a password security file.

dscli> managepwfile -action add -mc1 myess.ibm.com  -mc2 myess2.ibm.com 
-name testuser –pw AB9cdefg 
Output:
Record myess.ibm.com/testuser successfully added to password file
c:\Documents and Settings\testuser\dscli\security.dat
Record myess2.ibm.com/testuser successfully added to password file 
c:\Documents and Settings\testuser\dscli\security.dat