Security commands
Use the commands in this section to manage security certificates and authorizations for users and user-groups for IBM® Flex System Manager.
smcli commands
The following smcli security commands are available:
- authusergp command
Use the authusergp command to authorize an existing user group in an external user registry to access the IBM Flex System Manager. This command is available only when an external user registry is configured. All user groups created for the local registry are authorized by default. - cfgaccess command
Use the cfgaccess command to configure access for systems managed by IBM Flex System Manager. - cfgappcred command
Use the cfgappcred command to change the password that IBM Flex System Manager uses to access particular associated applications. - cfgcertpolicy command
Use the cfgcertpolicy command to view or configure the trust management certificate policy that IBM Flex System Manager uses. - cfgcred command
Use the cfgcred command to configure credentials for systems managed by IBM Flex System Manager. - cfgpwdpolicy command
Use the cfgpwdpolicy command to display and change the IBM Flex System Manager password policy settings. - chaudit command
Use the chaudit command to modify audit settings and also to configure a rsyslog server to store audit events sent from IBM Flex System Manager. - chchassisrole command
Use the chchassisrole command to change the properties of a CMM or IMM custom role. - chcred command
Use the chcred command to change credentials for systems managed by IBM Flex System Manager. - chLegacyProtocol command
Use the chLegacyProtocol command to enable or disable legacy protocols for the FSM. - chFsmSysPwd command
Use the chFsmSysPwd command to change the system passwords (root and user registry passwords). - chrole command
Use the chrole command to change the properties of a role. - chuser command
Use the chuser command to change user specifications (such as roles) that apply to the user and user groups to which the user belongs. To change a user’s password, use the chuserpwd command. - chusergp command
Use the chusergp command to change user group specifications such as roles that apply to the user group or users that are members of the user group. - chuserpwd command
Use the chuserpwd command to change the user password. - deletecertCRL command
Use the deletecertCRL command to remove a Certificate Revocation List (CRL) from IBM Flex System Manager. - exportcert command
Use the exportcert command to export a certificates from an IBM Flex System Manager keystore or truststore to a pem file. - getSSOstatus command
Use the getSSOstatus command to obtain the status that specifies how IBM Flex System Manager administers single sign-on functionality for all managed Flex System Enterprise Chassis. - importcert command
Use the importcert command to import certificates into an IBM Flex System Manager keystore or truststore. - importcertCRL command
Use the importcertCRL command to import a Certificate Revocation List (CRL) into IBM Flex System Manager. - lockuser command
Use the lockuser command to lock one or more users. - lsaudit command
Use the lsaudit command to list audit settings and categories. - lsauditlogs command
Use the lsauditlogs command to list a specific number of audit log messages for one or more audit categories. - lscert command
Use the lscert command to list the certificates in an IBM Flex System Manager keystore or truststore. - lschassisind command
Before a CMM can be managed by a management node, existing subscriptions to another management node must be cleared. Use the lschassisind command to determine whether a CMM has subscriptions to a management node and to clear those subscriptions, if necessary. - lschassisrole command
Use the lschassisrole command to list the custom CMM and IMM roles available for the IBM Flex System Manager. - lsCmmSecPolicy command
Use the lsCmmSecPolicy command to list the security policy level (legacy or secure). It also lists the current state of the security policy (active, pending, or error) for a specified CMM. - lscred command
Use the lscred command to list credentials for systems managed by IBM Flex System Manager. - lsFsmSecPolicy command
Use the lsFsmSecPolicy command to list the security policy level (legacy or secure) and the current state of the security policy (active or error) for an FSM. - lsperm command
Use the lsperm command to list the permissions. - lsrole command
Use the lsrole command to list the roles in IBM Flex System Manager. - lsuser command
Use the lsuser command to list users. - lsusergp command
Use the lsusergp command to list the IBM Flex System Manager user groups. - mkchassisrole command
Use the mkchassisrole command to create a CMM or IMM customer role that contain a list of permissions for authorization to access IBM Flex System Manager. - mkrole command
Use the mkrole command to create roles that contain a list of permissions for authorization to access IBM Flex System Manager. - mkuser command
Use the mkuser command to create a new user. - mkusergp command
Use the mkusergp command to create a new user group. - pwdexpired command
Use the pwdexpired command to determine if the password for one or more users has expired. - resetLdapCerts command
Use the resetLdapCerts command to reset the Transport Layer Security (TLS) certificate and private key for the FSM user registry. - resetuserpwd command
Use the resetuserpwd command to reset the password for a specified user temporarily. The user will need to set the password after logging in with the temporary password. - revokecert command
Use the revokecert command to invalidate certificates in an IBM Flex System Manager keystore or truststore. - rmauditlogs command
Use the rmauditlogs command to remove the audit log for one or more audit categories. - rmcert command
Use the rmcert command to remove certificates from an IBM Flex System Manager keystore or truststore. - rmchassisrole command
Use the rmchassisrole command to remove one or more custom CMM or IMM roles. - rmcred command
Use the rmcred command to remove credentials for systems managed by IBM Flex System Manager. - rmrole command
Use the rmrole command to delete roles. - rmuser command
Use the rmuser command to change user group specifications such as roles that apply to the user group or users that are members of the user group. - rmusergp command
Use the rmusergp command to change user group specifications such as roles that apply to the user group or users that are members of the user group. - setChassisSSO command
Use the setChassisSSO command to enable or disable single sign-on functionality for all managed Flex System Enterprise Chassis. - setCmmSecPolicy command
Use the setCmmSecPolicy command to set the security policy for the specified CMM security policy level. Valid values are secure and legacy. - setFsmSecPolicy command
Use the setFsmSecPolicy command to set the FSM security policy level. Valid values are secure and legacy. - unlockuser command
Use the unlockuser command to unlock one or more users. - unrevokecert command
Use the unrevokecert command to revalidate revoked certificates in an IBM Flex System Manager keystore or truststore. - userlocked command
Use the userlocked command to determine if one or more users are locked.
Parent topic: smcli - Systems management command-line interface