In addition to targets defined in the adapter configuration, the Kerberized SSH adapter can have dynamic targets defined in each adapter request. If a dynamic target is always defined in the Kerberized SSH adapter request, <config/> configuration node can be used in the adapter configuration.
BMC recommends that you do not include unused elements in the adapter configuration because they might cause errors.
Adapter type: ro-adapter-kerberos-ssh2_vv.rr.nn
Default adapter name: KerberosSSH2Adapter
To configure the Kerberized SSH adapter, see Configuring base adapters.
The following table describes the adapter configuration elements for the Kerberized SSH adapter that you can specify by using the form view, XML view, or both. You cannot use the form view to configure elements and attributes that do not have an entry in the "UI label" column.
Configuration node elements for the Kerberized SSH adapter
UI label | Element | Description | Required |
|---|---|---|---|
None |
| Contains the | Conditional; required if a target is referenced or defined in the request |
Target |
| Specifies the host name or the IP address of the remote host | Yes |
Port |
| Specifies the port on which the remote host listens Default value: 22 | No |
User Name |
| Specifies the name of the user registered as the Kerberos user principal | Conditional |
Password |
| Specifies the password that corresponds to the The | Conditional |
Encryption Type |
| Indicates whether the password specified is encrypted; is an attribute of the Valid values: Base64, Plain (default) | No |
Krb Realm |
| Specifies the name of the Kerberos realm | Conditional |
Kdc Name |
| Specifies the name of the host acting as the Key Distribution Center (KDC) | Conditional If the host name provided is not a Fully Qualified Domain Name (FQDN), this shortened host name, and not the FQDN, must exist in the Kerberos database. |
Use Subject Credentials |
| Uses credentials available inside the Java Authentication and Authorization Service (JAAS) authenticated Subject instance Valid values: true (default), false With a value of false, Kinit (used to obtain and cache Kerberos ticket-granting ticket) is used to acquire initial credentials. This value is typically set to true in production environments. | No |
Krb Login Config File |
| Specifies the path and file name of the login properties file | No |
Krb5 Debug |
| Enables debug level logging for Kerberos related supporting logic in SUN Java language for this feature Valid values: true, false (default) | No |
Prompt |
| Specifies the console prompt displayed when the system is waiting for a command The | Conditional; required when using the proxy command feature |
None |
| Determines whether the adapter must determine the target OS type soon after authentication is complete or a connection is established Valid values: true (default), false If the value of the | No |
Timeout Secs |
| Specifies the time, in seconds, to wait for the expected prompt to be returned If the expected prompt is not returned within the specified time, an error message returns. Default value: 60 seconds | No |
Establish Connection Timeout Secs |
| Specifies the time, in seconds, to wait for user authentication on the target server If authentication is not successful within this time, an error message is returned. Default value: 60 seconds | No |
Network Environment |
| Creates an extra session for use in Sun Solaris 9 environments Valid values: true, false (default) This value must be set to false when establishing a connection to a network appliance. | No |
Line Termination |
| Specifies the line termination character that is used when invoking the SSH command Typically, the value is a hexadecimal value for \r (&#D;) or \n (&#A;). Default value: No line termination character is assigned | No |
The following figure shows an XML template of the adapter configuration for the Kerberized SSH adapter with a Java client.
XML template of the Kerberized SSH adapter (Java client) configuration
<config name=""> <target></target> <port></port> <user-name></user-name> <password encryption-type=""></password> <krb-realm></krb-realm> <kdc-name></kdc-name> <use-subject-credentials></use-subject-credentials> <krb5-login-config-file></krb5-login-config-file> <krb5-debug></krb5-debug> <prompt></prompt> <timeout-secs></timeout-secs> <verify-os></verify-os> <establish-connection-timeout-secs></establish-connection-timeout-secs> <network-environment></network-environment> <line-termination>
</line-termination>
</config>
When the krb-realm parameter is specified, the value of the default_realm parameter in the Kerberos configuration file is ignored.
The following figure shows the adapter configuration for the Kerberos SSH2 adapter with the krb-realm parameter.
XML sample of the Terminal Kerberos SSH2 adapter configuration with krb-realm
<config> <user-name>admintest</user-name> <password>servertest</password> <krb-realm>RODC.COM</krb-realm> <target>server7.myserver.com</target> <prompt>$</prompt>
</config>Enabling custom logging
To enable custom logging for the adapter, you must specify a log file name. You can also provide additional parameters for logging.
Note
You must be using TrueSight Orchestration version 8.1 or later to use the custom logging feature. These parameters will be ignored in earlier versions of TrueSight Orchestration Platform.
These parameters are available with supported adapter versions. See TrueSight Orchestration Content documentation for details.
Encrypting an element's contents
You can add the attribute secure="true" to an XML adapter element XML view to ensure that the element's contents is encrypted when displayed.
Note
You must be using TrueSight Orchestration Platform version 8.1 or later to use this encryption attribute.
