Per User Tool Authentication

Started by gammy69er, August 10, 2020, 08:09:19 AM

Previous topic - Next topic

gammy69er

Hey Peeps.

Looking for a way to have it so as my tools will be able to pull access details from current user session.

Am looking to use RADIUS to auth all techs - and then have that same RADIUS server give them access to the managed Devices.

Can populate tools with a %U for the unique username - however can see no way to use the password from the current session in a tool (as a macro or otherwise)

Can add Custom Attributes to the Nodes/Templates and use those - but as using radius - will be a per user password.

Is there any way to pull and assign the current session's password to a required tool - or is there a place where I can put per user attributes to pull from with an object Tool macro/script

I found the info about Input fields - but this will not do.  I am not at all adverse to the team having to do a password change in XMS and RADIUS (if they want) - but having to enter the password every time is no good)

Any Script examples or ideas of where to go appreciated.  If no such thing is available - I'll put in a request

Cheers in advance

Filipp Sudanov

Hi!

There is no such thing in netxms - we do no cache the password entered by user so we do not have it anywhere after user logs in. And it seems to be not good idea from security viewpoint to keep any passwords plaintext and enter them somewhere.

Staj

Is PowerShell an option in your environment?

gammy69er

Hey Guys - Cheers for the Current Replies.

Quote from: Filipp Sudanov on August 10, 2020, 05:10:05 PM
Hi!

There is no such thing in netxms - we do no cache the password entered by user so we do not have it anywhere after user logs in. And it seems to be not good idea from security viewpoint to keep any passwords plaintext and enter them somewhere.

Filipp - TY for the Info.  The current issue faced is that with trying to automate the tools as it stands - the only way is Clear text Custom Attributes - which is obviously no good, or manual entry every time - which takes up 2-10 seconds every connect to type/find password.  This adds up over a day/week/month/year and am just looking to increase productivity and reporting with XMS.
The thought I had was that if the obscured field used to login was held in memory (an possibly encrypted) - then a call could be made to that whenever it was required

Quote from: Staj on August 11, 2020, 09:36:49 AM
Is PowerShell an option in your environment?

Staj. Powershell is available I suppose - as to whether it's and option or not would come down to what Powershell would be used for.  If you have an Idea - I am all ears.  Would be happy to run external script if it means that overall (for everyone else not using in this way) XMS is a little more robust and secure.

In the meantime - I have a couple of Ideas for what XMS could do to lessen my issue - so might just put in a feature request and see where it gets to.

Cheers