pvcauth command

Purpose

The pvcauth command is used to authenticate with an IBM® Power® Virtualization Center (PowerVC) and get a token. This token is required to use the PowerVC services for the AIX® Live Update operation. This token is valid only for a set time period. This command can also be used to invalidate a token.

Syntax

To authenticate with PowerVC and to get a token, use the following syntax:

pvcauth [ -u user_name ] [ -p password ] -a pvc [ -o project ][ -P port ]

To invalidate and remove a previously generated token, use the following syntax:

pvcauth -r -a pvc

To list all the known PowerVC authentication tokens, use the following syntax:

pvcauth -l

Description

You can use the pvcauth command if you have access to all types of object and if you have appropriate PowerVC administrative authority. The pvcauth command generates a token that can be used by an AIX partition administrator to perform the Live Update operation. If the command succeeds, a token is stored in the kernel. You can now use the geninstall command to perform the Live Update operation.

To use this command, you must have authority to perform the following tasks:

Power on a managed partition.
Shut down a managed partition.
Create a managed partition.
Remove a managed partition.
Manage storage volumes.
Manage network adapters.

Parameters

password: A string of up to 64 characters that specifies a password.
port: A string of up to 16 characters that specifies a port number to contact PowerVC. The default value of this parameter is 5000.
project: A string of up to 64 characters that specifies the PowerVC project name.
pvc: A string of up to 64 characters that specifies either the host name or the IP address of the PowerVC for authentication.
user_name: A string of up to 64 characters that specifies the PowerVC user name.

Flags

-a pvc: Specifies the host name or the IP address of PowerVC for authentication.
-o project: Specifies a PowerVC project name that is used to authenticate with PowerVC. If you do not specify the -o flag, the project name is set to the default name as ibm-default.
-l: Lists all the known PowerVC authentication tokens. The information that is listed includes the current Time To Live (TTL) value for the token.
-p password: Specifies the PowerVC password for authentication. If you do not specify the -p flag, you are prompted for the password after you run the pvcauth command.
-P port: Specifies a port number that can be used to contact PowerVC.
-r: Removes the token that is generated by PowerVC.
-u user_name: Specifies the PowerVC user name that can be used for authentication. You must have access to all types of objects and appropriate PowerVC administrative authority.

Examples

To authenticate with an HMC, called apollo, which has a firewall and in which the PowerVC port 5000 is not accessible, a rebound proxy node can be set up to use a different port that is open. To authenticate a logical partition called mylpar and to use the SSH client with port 14111 on a proxy node that is called proxy1, enter the following commands:
```
root @ proxy1: /
# ssh -R localhost:14111:apollo:5000 root@mylpar

root @ mylpar: /
# pvcauth -a localhost -u hscroot -P 14111
Enter HMC password:
```
You can specify the management_console attribute as localhost in the pvc stanza of the lvupdate.data file to initiate the Live Update operation.
To authenticate with PowerVC that has an IP address 5.5.55.121 with password prompt, enter the following command:
```
# pvcauth -a 5.5.55.121 -u root
     Enter password for root:
```
To invalidate a previous authentication with PowerVC that has an IP address 5.5.55.121, enter the following command:
```
# pvcauth -r -a 5.5.55.121
```