JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 6

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 7

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • To specify the user account/password a $credential object is created.
    • The above example exposes the root account and the root password directly to readers of the script.
    • Frequently users populate the credential object from a PowerShell® profile that is automatically executed when running PowerShell® scripts.
    • There are more ways of populating credential objects, e.g. by reading a serialized object from a file.
  • Please keep in mind that PowerShell® credential objects are not secure. In fact they are based on a "secure string" datatype that does not expose a password immediately. However, secure strings are intended to prevent exposition of credentials during logging, they do not prevent a password from being decrypted like this:
    • $ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($credential.password)
      $password = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)
    • The above two lines are sufficient to decrypt a secure string $credential.password to a plain text $password variable. 

...

  • Authentication with credentials holding the user account/password is the same as for HTTP connections.
  • For use with HTTPS connections please note that:
    • the URL has to specify a hostname, not an IP address and not localhost.
    • The JOC Cockpit server certificate has to be created for the given hostname. This typically includes the use of the fully qualified hostname (FQDN) in the URL.
  • The PowerShell® client has to establish the HTTPS connection and therefore the JOC Cockpit server certificate has to be available to the PowerShell® client at one of the following locations:
    • from the Windows Certificate Store that might also be used by a number of browser products when establishing HTTPS connections. This means that parameter does not have to be specified to use this option,
    • from a certificate file that is specified with the -RootCertificatePath parameter.
      • this file holds the certificate in a PEM format (.pem, .crt) or
      • alternatively a truststore file can be specified in PKCS12 format (.p12).
        • If a truststore is used then the -RootCertificateCredentials parameter can be specified that holds a credential object with the password for access to the truststore.
        • When creating the truststore credential object then the first argument 'truststore' is arbitrary. Only the the second argument 'jobscheduler' is relevant as it specifies the password.

...