Red Hat LINUX VIRTUAL SERVER 5.1 - ADMINISTRATION Instrukcja Użytkownika Pobierz pdf (Strona 27)

VMware, Inc. 27

Chapter 3 Using the vSphere Command-Line Interface

Using Microsoft Windows Security Support Provider Interface

The--passthroughauthoption,whichisavailableifyourunvCLIcommandsfromaMicrosoftWindows

system,allowsyoutousetheMicrosoftWindowsSecuritySupportProviderInterface(SSPI).SeetheMicrosoft

WebsiteforadetaileddiscussionofSSPI.

Youcanuse--passthroughauthtoestablishaconnectionwithavCenterServer

system(vCenterServer

systemorVirtualCenterServer3.5Update2orlater).Aftertheconnectionhasbeenestablished,authentication

forthevCenterServersystemoranyESXisystemitmanagesisnolongerrequired.Using

--passthroughauthpassesthecredentialsoftheuserwhorunsthecommandtothetargetvCenterServer



system.Noadditionalauthenticationisrequirediftheuserwhorunsthecommandisknownbythecomputer

fromwhichyouaccessthevCenterServ ersystemandbythecomputerrunningthevCenterServersoftware.

IfvCLIcommandsandthevCenterServersoftwarerunonthesamecomputer,theuser

needsonlyalocal

accounttorunthecommand.IfthevCLIcommandandthevCenterServersoftwarerunondifferent

machines,theuserwhorunsthecommandmusthaveanaccountinadomaintrustedbybothmachines.

SSPIsupportsseveralprotocols.Bydefault,itselectstheNegotiateprotocol,where

clientandservertryto

findaprotocolthatbothsupport.Youcanuse--passthroughauthpackagetoexplicitlyspecifyaprotocol

thatissupportedbySSPI.Kerberos,theWindowsstandardfordomain‐levelauthentication,isused

frequently.IfthevCenterServersystemisconfiguredtoacceptonlyaspecificprotocol,specifying

theprotocol

with --passthroughauthpackagemightberequiredforsuccessfulauthentication.Ifyouuse

--passthroughauth,youdonothavetospecifyauthenticationinformationbyusingotheroptions.

Example

esxcli --server <vc_server> --passthroughauth --passthroughauthpackage “Kerberos”

--vihost my_esx network ip interface list

vicfg-mpath.pl --server <vc_server> --passthroughauth --passthroughauthpackage “Kerberos”

--vihost my_esx --list

ConnectstoaserverthatissetuptouseSSPI.Whenatrusteduserrunsthecommand,thesystemcallsthe

ESXCLIcommandorvicfg-mpathwiththe--listoption.Thesystemdoesnotpromptforausernameand

password.

vCLI and Lockdown Mode

LockdownmodedisablesalldirectrootaccesstoESXimachines.TomakechangestoESXisystemsin

lockdownmodeyoumustgothroughavCenterServersystemthatmanagestheESXisystem.Youcanusethe

vSphereClientorvCLIcommandsthatsupportthe--vihostoption.Thefollowingcommandscannotrun



againstvCenterServersystemsandarethereforenotavailableinlockdownmode:

 vicfg-snmp

 vifs

 vicfg-user

 vicfg-cfgbackup

 vihostupdate

 vmkfstools

 vicfg-ipsec

IfyouhaveproblemsrunningacommandonanESXihostdirectly(withoutspecifyingavCenterServer

target),checkwhetherlockdownmodeisenabledonthathost.SeethevSphereSecuritydocumentation.

Common Options for vCLI Execution

Table 3‐2listsoptionsthatareavailableforallvCLIcommandsinalphabeticalorder.Thetableincludes

optionsforuseonthecommandlineandvariablesforuseinconfigurationfiles.

IMPORTANTForconnections,vCLIsupportsonlytheIPv4protocol,nottheIPv6protocol.Youcan,however,

configureIPv6on thetargethostwithseveralofthenetworkingcommands.

1 2 ... 22 23 24 25 26 27 28 29 30 31 32 ... 37 38

Komentarze do niniejszej Instrukcji

Brak uwag

Red Hat LINUX VIRTUAL SERVER 5.1 - ADMINISTRATION Instrukcja Użytkownika Strona 27

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Serwery Red Hat LINUX VIRTUAL SERVER 5.1 - ADMINISTRATION